CVE-2026-6991

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...

EUVD-2025-50828

OpenEXR Makes Use of Uninitialized Memory...

CVE-2025-69307

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through = 1.3.6...

CVE-2025-68538 WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through = 2.3.6...

CVE-2026-21940

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: User and User Group. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of...

WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Craft versions = 2.3.6...

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin = 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability discovered by shark3y in WordPress Plugin Awesome Support versions = 6.3.6...

WordPress plugin Awesome Support – WordPress HelpDesk & Support Plugin security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Fedora 43 : singularity-ce (2025-d3cd3e7cf0)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d3cd3e7cf0 advisory. Upgrade to 4.3.6 upstream version. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

PT-2025-51882

Name of the Vulnerable Software and Affected Versions AWS SDK for PHP versions prior to 3.368.0 Description A missing cryptographic key commitment in the AWS SDK for PHP could allow a user with write access to an S3 bucket to introduce a new Encryption Data Key EDK that decrypts to different...

CVE-2025-60202

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through = 2.3.6...

EUVD-2025-38113

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through = 2.3.6...

CVE-2025-57947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Photo Gallery by Ays gallery-photo-gallery allows DOM-Based XSS.This issue affects Photo Gallery by Ays: from n/a through = 6.3.8...

CVE-2025-57947 WordPress Photo Gallery by Ays Plugin <= 6.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Photo Gallery by Ays gallery-photo-gallery allows DOM-Based XSS.This issue affects Photo Gallery by Ays: from n/a through = 6.3.8...

CVE-2025-58751 Vite middleware may serve files starting with the same name with the public directory

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

CVE-2024-30952

A stored cross-site scripting XSS vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team=Setting=action...

CVE-2025-3430 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text'

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printertext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-13816

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This mak...

WordPress CURCY - WooCommerce Multi Currency - Currency Switcher plugin <= 2.3.6 - Unauthenticated SQL Injection vulnerability

WordPress CURCY - WooCommerce Multi Currency - Currency Switcher plugin = 2.3.6 - Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin CURCY versions = 2.3.6...

CVE-2024-54954

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department...