PT-2026-44892

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

JetBrains TeamCity 输入验证错误漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Prior to JetBrains TeamCity 2026.1, there was a...

PT-2026-44859

Name of the Vulnerable Software and Affected Versions WP Travel Pro versions prior to 10.6.1 Description The plugin allows unauthenticated attackers to delete arbitrary user accounts, including administrators. This occurs via the '/wp-json/wp-travel/v1/travel-guide/user id' REST API endpoint...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...

PT-2026-44960

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 Description An open redirect exists within the SAML plugin. An open redirect occurs when an application takes a user-supplied URL and redirects the user to it without sufficient validation, potential...

📄 WordPress Temporary Login 1.0.0 Authentication Bypass

WordPress Temporary Login plugin versions 1.0.0 and below suffer from an authentication bypass vulnerability. Exploit Title: Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.12 contained security vulnerabilities. These vulnerabilities stemmed from a permission escalation flaw in Slack plugin approval processes, allowing authorized users with exec...

WordPress plugin Frontend Admin by DynamiApps SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-44962

Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2026.1 Description Code execution is possible through template injection within the Copyright plugin. Template injection occurs when untrusted input is embedded into a template and executed by the...

WordPress plugin Poll Maker 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-44746

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ays poll get user information' AJAX action, which serializes and returns the...

PT-2026-44796

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update site editor homepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

WordPress plugin Simple Divi Shortcode 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass vulnerability in the QQBot’s native approval button, which failed to enforce th...

Linux Distros Unpatched Vulnerability : CVE-2026-44838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions...

Linux Distros Unpatched Vulnerability : CVE-2026-49129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set withou...

OPENSUSE-SU-2026:10902-1 golang-github-teddysun-v2ray-plugin-5.49.0-1.1 on GA media

These are all security issues fixed in the golang-github-teddysun-v2ray-plugin-5.49.0-1.1 package on the GA media of openSUSE Tumbleweed...

Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution

Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage: https://quickplayground.com Software Link: https://downloads.wordpress.org/plugin/quick-playground.1.3.1.zip Version: \ wp...

Prodigy Commerce 3.3.0 - Local File Inclusion

Exploit Title: Prodigy Commerce 3.3.0 - Local File Inclusion Date: 23-05-2026 Exploit Author: Diamorphine Vendor Homepage: https://prodigycommerce.com/ Software Link: https://wordpress.org/plugins/prodigy-commerce/ Version: 3.2.9 Tested on: Debian CVE : CVE-2026-0926 Description: Prodigy Commerce...

CVE-2026-6816

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...