
27 matches found

Positive Technologies
added 2026/05/03 12:0 a.m. | 11 views

PT-2026-36727

Name of the Vulnerable Software and Affected Versions: YunaiV yudao-cloud versions prior to 3.8.1. Description: An authentication bypass exists in the Ruoyi-Vue-Pro component. Manipulation of the mock-token argument within the doFilterInternal function of the JwtAuthenticationTokenFilter.java file...

CVSS 7.5 | AI score 7.1 | EPSS 0.00405
Exploits: 0 | References: 8
CVE
added 2026/04/14 12:8 a.m. | 15 views

CVE-2026-39418

CVE-2026-39418 MaxKB is affected in versions ≤ 2.7.1 where the sandbox’s network protection can be bypassed. An authenticated user with tool-editing permissions can reach internal services blocked by the sandbox by using socket.sendto() with the MSG_FASTOPEN flag. MaxKB’s sandbox relies on LD_PRE...

CVSS 7.4 | AI score 5.7 | EPSS 0.00198
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/03/26 5:16 p.m. | 6 views

CVE-2026-34071

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...

CVSS 6.1 | EPSS 0.0026
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/26 12:0 a.m. | 4 views

PT-2026-28600

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 2.8.0. Description: Stirling-PDF is a locally hosted web application designed for PDF file operations. The /api/v1/convert/eml/pdf API endpoint, when used with the downloadHtml=true parameter, returns unsanitized...

CVSS 6.1 | AI score 6.1 | EPSS 0.0026
Exploits: 1 | References: 8
Snyk
added 2026/03/18 4:41 a.m. | 6 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

CVSS 7.1 | AI score 6 | EPSS 0.00297
Exploits: 1 | References: 2
Patchstack
added 2026/02/24 7:19 a.m. | 9 views

WordPress Ebook Store plugin <= 5.8001 - Reflected Cross-Site Scripting via 'step' vulnerability

Reflected Cross-Site Scripting via 'step' vulnerability discovered by nvthien in WordPress Plugin Ebook Store versions <= 5.8001...

CVSS 6.1 | AI score 8.6 | EPSS 0.00431
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/09/22 6:26 p.m. | 14 views

CVE-2025-59567

CVE-2025-59567 is a real Missing Authorization issue identified in the Coupon Affiliates – Affiliate Plugin for WooCommerce. The connected Wordfence vulnerability listing confirms the flaw exists in Coupon Affiliates up to version 6.8.0 and rates it as a Medium impact (CVSS v3.1: 5.5; network att...

CVSS 5.5 | AI score 5.9 | EPSS 0.00209
Exploits: 0 | References: 1
Snyk
added 2025/08/13 1:59 p.m. | 4 views

Heap-based Buffer Overflow

Overview: Magick.NET-Q8-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 7.8 | AI score 7.1 | EPSS 0.00243
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/23 6:8 a.m. | 5 views

CVE-2023-52205

Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free. This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0...

CVSS 9.1 | AI score 7.5 | EPSS 0.00618
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 8:34 a.m. | 8 views

CVE-2019-17493

Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemsampleinput parameter to web/admin/problem/create or web/polygon/problem/update...

CVSS 6.1 | AI score 5.9 | EPSS 0.01068
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 8:26 a.m. | 5 views

CVE-2019-19456

A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine = 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0...

CVSS 6.1 | AI score 6 | EPSS 0.00997
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 8:22 a.m. | 5 views

CVE-2019-17489

Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemtitle parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create...

CVSS 6.1 | AI score 5.9 | EPSS 0.01058
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/21 8:23 p.m. | 5 views

CVE-2025-39366

Incorrect Privilege Assignment vulnerability in Rocket Apps wProject. This issue affects wProject: from n/a before 5.8.0...

CVSS 8.8 | AI score 8.5 | EPSS 0.00294
Exploits: 0 | References: 1
CVE
added 2025/05/19 7:50 p.m. | 43 views

CVE-2025-39350

CVE-2025-39350 : WordPress wProject theme prior to 5.8.0 suffers an unauthenticated post/comment/attachment modification/deletion vulnerability. Exploitation requires no authentication, enabling an attacker to modify or delete content on vulnerable sites running wProject

CVSS 8.2 | AI score 8.5 | EPSS 0.0027
Exploits: 0 | References: 1
Cvelist
added 2025/05/19 7:40 p.m. | 13 views

CVE-2025-39365 WordPress wProject theme < 5.8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rocket Apps wProject allows Reflected XSS. This issue affects wProject: from n/a before 5.8.0...

CVSS 7.1 | EPSS 0.00191
Exploits: 0 | References: 1
CNNVD
added 2025/05/14 12:0 a.m. | 2 views

Netgate pfSense CE cross-site scripting vulnerability

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate that supports enterprise-class network security and network management features. A cross-site scripting vulnerability exists in Netgate pfSense CE versions prior to 2.8.0 beta, which stems from a cross-si...

CVSS 5.4 | AI score 8.1 | EPSS 0.01138
Exploits: 1 | References: 5
NVD
added 2025/04/30 1:15 p.m. | 14 views

CVE-2025-3394

Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder. This issue affects Automation Builder: through 2.8.0...

CVSS 8.5 | EPSS 0.00128
Exploits: 0 | References: 1
OSV
added 2025/04/07 4:15 p.m. | 10 views

CVE-2025-28403

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings...

CVSS 7.2 | AI score 7.1 | EPSS 0.00546
Exploits: 1 | References: 2
CNNVD
added 2025/04/07 12:0 a.m. | 3 views

RuoYi security vulnerability

RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi version v.4.8.0, which stems from the editSave method not properly verifying the requested user privileges, which may result in modification of the system configuration...

CVSS 7.2 | AI score 6.6 | EPSS 0.00546
Exploits: 1 | References: 2
OSV
added 2024/07/02 7:15 a.m. | 3 views

CVE-2024-32854

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation...

CVSS 6.7 | AI score 5.8 | EPSS 0.00157
Exploits: 0 | References: 1