Docker CLI 安全漏洞

Docker CLI is a command-line management tool for containerized applications, open-sourced by Docker. Versions of Docker CLI prior to 29.1.5 contain security vulnerabilities. These vulnerabilities stem from an insecure search path for plugin binary files on Windows, which could allow low-privilege...

📄 WonderCMS 3.4.2 Shell Upload

Proof of concept exploit for an authentication shell upload vulnerability in WonderCMS version 3.4.2. ============================================================================================================================================= | Title : WonderCMS 3.4.2 Authenticated file upload...

PT-2026-22939

Name of the Vulnerable Software and Affected Versions Docker CLI versions through 29.1.5 Docker Compose versions 2.31.0 through 5.0.0 Description The Docker CLI for Windows searches for plugin binaries in C:ProgramDataDockercli-plugins, a directory that does not exist by default. An attacker with...

📄 WordPress AI Engine 3.1.3 Mass Enumeration

This advisory documents a fully automated PHP-based exploitation framework designed to perform mass enumeration, plugin detection, token extraction, and automated account creation targeting vulnerable WordPress MCP-related REST API endpoints...

GHSA-FF98-W8HJ-QRXF OpenClaw plugin runtime command execution is part of trusted plugin boundary

Summary OpenClaw plugins/extensions run in-process and are treated as trusted code. This advisory tracks trust-boundary clarification around plugin runtime command execution runtime.system.runCommandWithTimeout. Impact Plugins already execute with the same OS privileges as the OpenClaw process...

OpenClaw plugin runtime command execution is part of trusted plugin boundary

Summary OpenClaw plugins/extensions run in-process and are treated as trusted code. This advisory tracks trust-boundary clarification around plugin runtime command execution runtime.system.runCommandWithTimeout. Impact Plugins already execute with the same OS privileges as the OpenClaw process...

com.expediagroup.apiary:apiary-ranger-metastore-plugin (>=7.2.1 <=8.1.17), com.witboost.provisioning:scala-mesh-ranger_2.13 (=1.0.0) +64 more potentially affected by CVE-2025-59059 via org.apache.ranger:ranger-plugins-common (>=2.0.0 <=2.7.0)

org.apache.ranger:ranger-plugins-common MAVEN version =2.0.0, =7.2.1, =0.8.44-4, =466, =0.6.0-incubating, =0.8.0-incubating, =1.6.0-incubating, =1.6.0-incubating, =0.7.0, =0.7.0, =1.11.0, =1.11.0, =2.0.0, =1.3.0, =1.3.0, =2.0.0 and more Source cves: CVE-2025-59059 Source advisory:...

com.expediagroup.apiary:apiary-ranger-metastore-plugin (>=7.2.1 <=8.1.17), com.witboost.provisioning:scala-mesh-ranger_2.13 (=1.0.0) +67 more potentially affected by CVE-2025-59059 via org.apache.ranger:ranger-plugins-common (>=0.6.0 <=2.7.0)

org.apache.ranger:ranger-plugins-common MAVEN version =0.6.0, =7.2.1, =0.8.44-4, =0.18.0, =466, =0.6.0-incubating, =0.8.0-incubating, =1.6.0-incubating, =1.6.0-incubating, =0.3.0, =0.3.0, =1.1.0, =1.1.0, =2.0.0, =1.3.0, =2.0.0 and more Source cves: CVE-2025-59059 Source advisory:...

CVE-2026-2568

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

EUVD-2026-9284

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

Oracle Linux 9 : containernetworking-plugins (ELSA-2026-3341)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-3341 advisory. - Rebuild for new golang to address CVE-2025-61726 - rebuild for CVE-2025-22871 Tenable has extracted the preceding description block directly from the...

[SECURITY] Fedora 43 Update: nextcloud-32.0.6-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

MiracleLinux 9 : containernetworking-plugins-1.7.1-3.el9_7 (AXSA:2026-227:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-227:01 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustio...

ch.acanda.maven:code-analysis-maven-plugin (>=0.1.0 <=1.27.0), com.alibaba.p3c.idea:p3c-common (=1.0.0) +175 more potentially affected by CVE-2026-28338 via net.sourceforge.pmd:pmd-core (>=5.2.0 <=7.21.0)

net.sourceforge.pmd:pmd-core MAVEN version =5.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =2.7.1, =ev1.4.1, =ev1.4.1, =2.14.1, =1.0.0, =0.1.0, =0.1.2 and more Source cves: CVE-2026-28338 Source advisory: OSV:GHSA-8RR6-2QW5-PC7R...

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +148 more potentially affected by CVE-2025-12150 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.4.3)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.1.7 and more Source cves: CVE-2025-12150 Source advisory: OSV:GHSA-7G5X-9C4V-4W5R...

WordPress plugin Featured Image from Content 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

containernetworking-plugins security update

An update is available for containernetworking-plugins. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Container Network Interface CNI project consists of a...

RLSA-2026:3341 Important: containernetworking-plugins security update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-27904 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-27904 Source advisory: SNYK:JS-MINIMATCH-15353387...

RHEL 9 : containernetworking-plugins (RHSA-2026:3341)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3341 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug- ins for configuring network interfac...