75 matches found
PT-2026-39591
ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...
EUVD-2024-55566
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
PT-2026-27494
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server Liberty affected versions not specified Description: IBM WebSphere Application Server Liberty is susceptible to a privilege escalation issue. The issue allows an attacker to gain elevated privileges within the...
UBUNTU-CVE-2026-24351
PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...
CVE-2026-2676 GoogTech sms-ssm API LoginInterceptor.java preHandle improper authorization
A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Executing a manipulation can lead to improper authorization. The attack may be...
PT-2026-1177
CVE-2025-34167 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-34167 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visit the lin...
EUVD-2025-205527
A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted...
CVE-2025-10317 Multiple Cross-Site Request Forgery in Quick.Cart
Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious product with content defined by the attacker. This software does not...
WordPress plugin BuddyPress Security Vulnerability
WordPress Buddypress Plugin is an open source social networking plugin developed by Automattic the parent company of WordPress for converting WordPress websites into fully functional social platforms. WordPress Buddypress Plugin suffers from a lack of authorization vulnerability, no details of th...
Google Android Buffer Error Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a buffer overflow vulnerability that stems from the program not properly checking boundaries, no details of the vulnerability are provided at this time...
PT-2024-27584 · Unknown · Newspack Newsletters
Name of the Vulnerable Software and Affected Versions: Newspack Newsletters versions n/a through 2.13.2 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions n/a through...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from allowing out-of-bounds writes. No details of the vulnerability are provided at this time...
osbar.org Cross Site Scripting vulnerability OBB-3900446
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
womenwantadventure.com.au Cross Site Scripting vulnerability OBB-3865192
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
board.rhythmer.net Cross Site Scripting vulnerability OBB-3836384
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-1035 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the Windows Group Policy Services. It allows an attacker to elevate their privileges. There is no informati...
heuhotels-im-wendland.de Improper Access Control vulnerability OBB-3818833
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kurumayama-hotel.com Improper Access Control vulnerability OBB-3802888
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Silicon Labs EmberZNet Security Vulnerability
Silicon Labs EmberZNet is a complete Zigbee protocol package from Silicon Labs, Inc. that contains all the elements required for robust and reliable mesh networking applications on the Silicon Labs Ember platform. A security vulnerability exists in Silicon Labs EmberZNet versions 7.1.3 through...
pcflock.com Cross Site Scripting vulnerability OBB-3566148
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...