72590 matches found
WordPress plugin NMR Strava activities cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
cPanel input validation error vulnerability
cPanel is a web-based automated hosting platform developed by cPanel Inc. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability related to input validation errors, which stem from insufficient input validation in the plugin parameter...
Electerm input validation error vulnerability
Electerm is an SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm from 3.0.6 to 3.8.15 contained a vulnerability related to input validation errors. This vulnerability could allow arbitrary local code execution through deep links, CLI options, or custom...
Cradle eCommerce input validation error vulnerability
Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a vulnerability related to input validation. This vulnerability stems from improper validation of the returnUrl parameter in the login...
PraisonAI input validation error vulnerability
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI from 2.4.1 to 4.6.34 contained a vulnerability related to input validation errors. This vulnerability stemmed from unvalidated name and set parameter construction tables and index...
CVE-2026-33844
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...
CVE-2026-33844
Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...
CVE-2026-30815
An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modificatio...
CVE-2026-39836
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...
EUVD-2026-28396
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution...
JLSEC-2026-466 Mbed TLS peer can force the FFDH shared secret into a small set of values
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution...
CVE-2026-6973
Ivanti Endpoint Manager Mobile (EPMM) suffers a CVE-2026-6973 vulnerability due to improper input validation. A remotely authenticated user with administrative privileges can achieve remote code execution on affected installations prior to versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. Exploitation h...
Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...
Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-8007 Insufficient validation of untrusted input in Cast
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-8013 Insufficient validation of untrusted input in FedCM
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...