28 matches found
CVE-2026-46607
CVE-2026-46607 describes an insecure deserialization vulnerability in Glances, where a version-check cache file (~/.cache/glances/glances-version.db) is loaded with pickle without validation. An attacker with write access to the cache path can introduce a malicious pickle and achieve arbitrary co...
CVE-2026-45328
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals...
Amazon Linux 2023 : python3-tornado (ALAS2023-2026-1587)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1587 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to RequestHandler.set_cookie were not checked for crafted characters. CVE-2026-35536...
OESA-2026-1675 python-tornado security update
Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setti...
Tornado Resource Management Error Vulnerability
Tornado is a Python web framework and asynchronous networking library from Tornado China. This library can scale to thousands of open connections by using non-blocking network I/O, making it ideal for applications that require long-term polling, WebSocket, and other scenarios where long-term...
PT-2025-49933
Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a...
AZL-69568 CVE-2025-61104 affecting package frr for versions less than 8.5.5-5
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...
WordPress Plugin Directory Pro Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
WordPress Directory Pro plugin <= 2.5.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Directory Pro versions <= 2.5.5...
CVE-2023-29095
Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin 10.5.5 versions...
CVE-2022-41554
Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin = 2.5.5 versions...
CVE-2019-13235
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form...
CVE-2025-32271 WordPress Woocommerce Role Pricing Plugin <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ablancodev Woocommerce Role Pricing allows Cross Site Request Forgery. This issue affects Woocommerce Role Pricing: from n/a through 3.5.5...
Remote Code Execution
com.alipay.sofa:hessian is vulnerable to Remote Code Execution. The vulnerability is due to a gadget chain that bypasses the SOFA Hessian protocol's blacklist protection mechanism. This gadget chain relies solely on JDK classes and does not require any third-party components. The issue is fixed i...
WordPress plugin Bit File Manager Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
XunRuiCMS Security Vulnerability
XunRuiCMS is an open source content management system (CMS) from China's XunRuiCloud Software Development Company. A security vulnerability exists in XunRuiCMS version v4.5.5, which was discovered to contain a Reflected Cross-Site Scripting (XSS) vulnerabili...
Zkteco BioTime Path Traversal Vulnerability
ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A path traversal vulnerability exists in ZKTeco BioTime version v8.5.5, which originates from a vulnerability that allows an unauthenticated attacker to read arbitrary files by providin...
@antgineering-studio/strapi (=4.5.5), @beardeddudes/strapi-types (>=0.1.0 <=0.1.1) +126 more potentially affected by CVE-2023-22621 via @strapi/plugin-email (>=0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a <=4.5.5)
@strapi/plugin-email NPM version =0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a, =0.1.0, =1.0.1, =4.12.2, =1.0.0, =4.2.0, =4.2.2, =0.0.1, =1.0.1, =0.1.1, =1.0.9, =0.0.1, =0.0.5 and more Source cves: CVE-2023-22621 Source advisory: OSV:GHSA-2H87-4Q2W-V4HF...
SUSE CVE-2013-2724
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the Smart...