Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from integer overflows in the parameter counting within the createdirtylog function. This could lead t...

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

CVE-2026-38930

OpenRapid RapidCMS v1.3.1 has an authentication bypass in /template/default/menu.php. The issue arises from injecting a crafted SQL payload into the name cookie parameter, enabling bypass of authentication. Documentation indicates a network-level vector with low confidentiality/integrity impact (...

PT-2026-43544

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the render content method in class-search-result-title.php outputs the...

OpenRapid RapidCMS 安全漏洞

OpenRapid RapidCMS is a fast, simple, and useful CMS system developed under the OpenRapid open-source framework. Version 1.3.1 of OpenRapid RapidCMS contains a security vulnerability. This vulnerability stems from a flaw in the /template/default/menu.php component, where authentication bypasses a...

PT-2026-43682

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in Keycloak, an open-source identity and access management solution, allows a remote attacker to manipulate the authentication process by crafting a special web address. This occurs...

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

WeGIA 输入验证错误漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.7.3 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation or restrictions on the nextPage parameter...

UTT HiPER 1250GW 安全漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained security vulnerabilities. These vulnerabilities were caused by the strcpy function in the Web Management Interface component/goform/formGroupConfig file,...

PT-2026-43552

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

PT-2026-43496

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress customizer notify dismiss action AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-...

TeamSpeak 3 Server 安全漏洞

TeamSpeak 3 Server is a real-time voice communication server software developed by the TeamSpeak company. Versions of TeamSpeak 3 Server prior to 3.13.7 contain security vulnerabilities. These vulnerabilities stem from the client-handshake handler component’s handling of the ‘proof’ parameter,...

PT-2026-43563

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

PT-2026-44038

OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter...

PT-2026-43507

Name of the Vulnerable Software and Affected Versions Firebase Support & Chat Management plugin for WordPress versions prior to 3.1.2 Description An issue allows authenticated attackers with Subscriber-level access or higher to escalate privileges and achieve full account takeover. The firebase...

PT-2026-44059

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.35.3 Description The VectorDB configuration endpoint accepts a host parameter that lacks validation against internal IP ranges, reserved hostnames, or URL schemes. This allows an authenticated user with builder-lev...

PT-2026-43570

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

PT-2026-43890

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the create dirty log function within the dm mirror component. The calculation args used = 2 + param count occurs before validating against argc. If a user...

PT-2026-44043

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2026-122 (ALASDOCKER-2026-122)

The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-122 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...