PT-2026-46895

Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section Summary A stored Cross-Site Scripting vulnerability CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere in the AVideo YouTubeAPI plugin renders the snippet.title field returned by the...

PT-2026-46858

Summary AVideo stores category descriptions from user input and later renders category description as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page...

PT-2026-46197

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=export csv and a malicious path...

PT-2026-46323

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

PT-2026-46340

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

📄 WordPress ARMember Premium 7.3.1 Insecure Password Reset

WordPress ARMember Premium plugin versions 7.3.1 and below suffer from an insecure password reset mechanism that allows for administrative account takeover. ☠️ CVE-2026-5076 ARMember Premium --- 📋 Informasi Kerentanan | Item | Detail | |---|---| | CVE ID | CVE-2026-5076 | | Plugin | ARMember –...

PT-2026-46849

Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section Summary A stored Cross-Site Scripting vulnerability CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere in the AVideo YouTubeAPI plugin renders the snippet.title field returned by the...

Moderate: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026...

AlmaLinux 8 : vim (ALSA-2026:22730)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:22730 advisory. vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 Tenable has extracted the preceding description block directly...

PT-2026-46381

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

JetBrains TeamCity < 2026.1 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings CVE-2026-49373 - In JetBrains TeamCity before 2026.1...

JetBrains IntelliJ IDEA < 2026.1 Multiple Vulnerabilities

The version of JetBrains IntelliJ IDEA installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities: - In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin CVE-2026-49382 - In JetBrains...

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

Moderate: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Dokan versions = 5.0.2...

Moderate: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by adhikara13 in WordPress Plugin JobSearch versions = 3.2.7...

WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by fayespiegel in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.7...

WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Septio Noerdiansyah in WordPress Plugin Really Simple SSL versions = 9.5.10...

WordPress Really Simple SSL plugin <= 9.5.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Evan NR in WordPress Plugin Really Simple SSL versions = 9.5.9...