WordPress plugin wpForo Forum 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-21514

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally...

CVE-2026-21514

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally...

CVE-2026-21514

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally...

Microsoft Word Security Feature Bypass Vulnerability

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally...

libssh 安全漏洞

libssh is a C-language development package from the libssh organization, designed for accessing SSH services. It can execute remote commands, perform file transfers, and provide a secure transmission channel for remote programs. libssh has a security vulnerability, which stems from an overflow in...

PT-2026-7400

Name of the Vulnerable Software and Affected Versions Microsoft Word versions prior to February 2026 Patch Tuesday Description A critical security flaw in Microsoft Word allows an attacker to bypass security features locally by exploiting reliance on untrusted inputs during security decisions. Th...

VulnCheck KEV: CVE-2026-21514

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally...

Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability

Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally...

Reliance on Untrusted Inputs in a Security Decision

Overview @cubejs-backend/api-gateway is a package that provides idempotent long polling API. Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision due to the improper request sanitization. An attacker can gain unauthorized access to higher privile...

CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

CVE-2026-2159 SourceCodester Simple Responsive Tourism Website Registration Master.php cross site scripting

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. I...

PT-2026-6990

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Responsive Tourism Website version 1.0 Description A flaw exists in SourceCodester Simple Responsive Tourism Website version 1.0, specifically within an unknown function of the file /tourism/classes/Master.php?f=register...

PT-2026-7003

Name of the Vulnerable Software and Affected Versions code-projects Online Student Management System version 1.0 Description A flaw exists in the Login component of the Online Student Management System. Specifically, a SQL injection issue is present in the accounts.php file due to manipulation of...

SUSE CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVE-2026-24903

OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through...

EUVD-2026-5643

OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through...

CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVE-2026-24844

melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in...

PT-2026-6759

Name of the Vulnerable Software and Affected Versions OrcaStatLLM Researcher affected versions not specified Description A stored cross-site scripting XSS issue exists in the Log Message within the Session Page of OrcaStatLLM Researcher. This allows attackers to inject and execute arbitrary...