48829 matches found

CNNVD
added 2026/04/29 12:0 a.m. | 6 views

MongoDB Server Security Vulnerability

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from an...

6.3 CVSS | 5.8 AI score | 0.00072 EPSS
Exploits 0 | References 1

Cvelist
added 2026/04/28 11:44 a.m. | 27 views

CVE-2026-5781 Multiple vulnerabilities in MphRx's Minerva

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitati...

8.5 CVSS | 0.0005 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/04/28 11:41 a.m. | 2 views

CVE-2026-5779

An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...

9.4 CVSS | 5.3 AI score | 0.0005 EPSS
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2026/04/28 12:0 a.m. | 5 views

Carlson VASCO-B GNSS Receiver Access Control Error Vulnerability

The Carlson VASCO-B GNSS Receiver is a high-precision satellite positioning receiving device developed by the American company Carlson. The Carlson VASCO-B GNSS Receiver has an access control vulnerability, which stems from the lack of an authentication mechanism. This vulnerability may allow...

9.4 CVSS | 5.8 AI score | 0.00107 EPSS
Exploits 0 | References 2

Positive Technologies
added 2026/04/28 12:0 a.m. | 0 views

PT-2026-35721

mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...

8.4 CVSS | 5.5 AI score | 0.00028 EPSS
Exploits 0 | References 3

OSV
added 2026/04/27 5:8 a.m. | 3 views

MAL-2026-3094 Malicious code in bytedpgsql (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 645f636a2360d86d320bbf691de6457d8df8a7e066fa3fce10b8a85f8576a7a2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6 AI score
Exploits 0 | References 1

Cvelist
added 2026/04/27 2:26 a.m. | 27 views

CVE-2026-7106 Highland Software Custom Role Manager <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrmsaveuserroles function, which is hooked to the personal_options_update action accessible by any...

8.8 CVSS | 0.00063 EPSS
Exploits 0 | References 8

ATTACKERKB
added 2026/04/27 2:26 a.m. | 1 views

CVE-2026-7106

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrmsaveuserroles function, which is hooked to the personal_options_update action accessible by any...

8.8 CVSS | 5.2 AI score | 0.00063 EPSS
Exploits 0 | References 9

Vulnrichment
added 2026/04/24 4:8 p.m. | 0 views

CVE-2026-6911 Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...

9.8 CVSS | 5.4 AI score | 0.00042 EPSS
Exploits 0 | References 3

UbuntuCve
added 2026/04/24 12:0 a.m. | 3 views

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

6.1 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits 0 | References 1

EUVD
added 2026/04/23 9:31 p.m. | 1 views

EUVD-2026-25276

A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing network access the ability to access the EGW management interface without authentication. Successful exploitation of this vulnerability could allow a user to read, modify, or delete files...

9.3 CVSS | 5.8 AI score | 0.00079 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/04/23 6:14 p.m. | 0 views

CVE-2026-6074

Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the downloaddebuglogfile.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory...

9.3 CVSS | 5.9 AI score | 0.00079 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2026/04/23 6:14 p.m. | 26 views

CVE-2026-6074 Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW)

Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the downloaddebuglogfile.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory...

9.8 CVSS | 0.00079 EPSS
Exploits 0 | References 2

EUVD
added 2026/04/23 12:31 p.m. | 4 views

EUVD-2026-25213

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

9.8 CVSS | 6 AI score | 0.00116 EPSS
Exploits 0 | References 3

CVE
added 2026/04/23 9:30 a.m. | 5 views

CVE-2026-6887

The CVE-2026-6887 entry concerns Borg SPM 2007 (BorG Technology Corporation). The connected sources describe a SQL Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. The vulnerability impact is descr...

9.8 CVSS | 6 AI score | 0.00116 EPSS
Exploits 0 | References 2

CNNVD
added 2026/04/23 12:0 a.m. | 6 views

Intrado 911 Emergency Gateway Security Vulnerability

Intrado 911 Emergency Gateway is an internally deployed management device from the American company Intrado. There is a security vulnerability present in Intrado 911 Emergency Gateway, which stems from path traversal conditions. This vulnerability could allow attackers with existing network acces...

9.3 CVSS | 5.8 AI score | 0.00079 EPSS
Exploits 0 | References 2

EUVD
added 2026/04/22 9:31 p.m. | 2 views

EUVD-2026-22857

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks (current_user_can) or nonce verification (check_ajax_referer/wp_verify_nonce). The function is...

5.3 CVSS | 5.7 AI score | 0.00014 EPSS
Exploits 0 | References 6

CVE
added 2026/04/22 7:45 a.m. | 5 views

CVE-2026-4118

The CVE-2026-4118 entry concerns the WordPress Call To Action Plugin (versions update(). This enables unauthenticated attackers to modify configuration fields (e.g., title, content, link URL, image URL, colors) by forging requests, provided a site administrator is induced to perform an action suc...

4.3 CVSS | 5.7 AI score | 0.0001 EPSS
Exploits 0 | References 9

Positive Technologies
added 2026/04/22 12:0 a.m. | 3 views

PT-2026-34568

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

8.7 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits 0 | References 5

CNNVD
added 2026/04/22 12:0 a.m. | 5 views

WordPress plugin Call To Action Plugin Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3 CVSS | 5.7 AI score | 0.0001 EPSS
Exploits 0 | References 1