PT-2026-37087

Name of the Vulnerable Software and Affected Versions OpenCMS versions prior to 21 Description The Admin Import DB feature is susceptible to XML External Entity XXE, a flaw where an application processes XML input containing a reference to an external entity, potentially allowing unauthorized...

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

CVE-2025-9093

A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation leads to improper export of android application components. The attack needs to be approached locally...

CVE-2022-20213

CVE-2022-20213 affects Android 10–12, specifically the ApplicationsDetailsActivity in AndroidManifest.xml. The issue permits a local DoS via tapjacking/overlay with user interaction required and no additional execution privileges. CVSS v3.1 base score 5.5 (Medium). Exploitation status is not prov...

WebClientPrint Processor 2.0.15.109 Updates Remote Code Execution

Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Updates RedTeam Pentesting discovered that rogue updates trigger a remote code execution vulnerability in WebClientPrint Processor WCPP. These updates may be distributed through specially crafted websites and are processed without...