CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

WordPress plugin Pie Register – User Registration, Profiles & Content Restriction 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2017-20238 Hirschmann Industrial HiVision Improper Authorization Privilege Escalation

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...

CVE-2026-25197

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...

CVE-2026-25197

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the resource handler. An attacker can gain unauthorized access and modify application resources across the entire controller by leveraging authenticated access as a user, machine, or controller. Remediation A...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the resource handler. An attacker can gain unauthorized access and modify application resources across the entire controller by leveraging authenticated access as a user, machine, or controller. Remediation A...

PT-2026-30230

Name of the Vulnerable Software and Affected Versions versions affected versions not specified Description An authenticated user can access other user profiles by manipulating the id number within an API call. This occurs through a specific API endpoint. Recommendations At the moment, there is no...

CVE-2026-33951

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...

Malicious code in k8s-node-health (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9358111fecbdb3180b8f4c0c6543abff3024c59deaf488cf3a34089820e96172 During import, the code download and starts remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

EUVD-2026-18198

In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge Previously we stored the end of the current VMA in currend, and then upon iterating to the next VMA updated currstart to currend to advance to the next VMA. However, this doesn't take...

CVE-2026-5256

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has be...

EUVD-2026-17824

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

CVE-2026-28265

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

CVE-2026-5256

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has be...

CVE-2026-5256 code-projects Simple Laundry System Parameter modify.php sql injection

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has be...

CVE-2026-5256

CVE-2026-5256 affects code-projects Simple Laundry System 1.0. The vulnerability is in the Parameter Handler’s modify.php, where manipulation of the firstName parameter leads to SQL injection. Remote exploitation is possible, and the exploit has been published and may be used. The available conne...

PT-2026-29479

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

Code-Projects Simple Laundry System SQL注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a SQL...

Dell PowerStore 安全漏洞

Dell PowerStore is an expandable flash-based storage array provided by the American company Dell. There is a security vulnerability present in Dell PowerStore. This vulnerability stems from a path traversal issue within the service users, which may allow low-privilege attackers with local access ...