62 matches found
CVE-2026-40721 WordPress Element Pack Pro plugin <= 9.0.6 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...
Exploit for CVE-2026-34908
UniFi OS Server Unauth RCE Chain Detection Script A safe dete...
EUVD-2026-30284
Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017479)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017479 advisory. A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the VerifyTimestampResponse function when a forged certificate is prepended to the certificate bag. An attacker can bypass authorization checks by supplying a payload where the signature is validated...
CVE-2026-26027 GLPI has an Unauthenticated Stored XSS via inventory
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...
EUVD-2026-19069
A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is...
CVE-2026-1867 WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...
EUVD-2026-10710
@appium/support has a Zip Slip arbitrary file write in its ZIP extraction...
CVE-2026-24114
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate pPortMapIndex may lead to buffer overflows when using strcpy...
CVE-2022-26301
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php...
CVE-2023-25041
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Cththemes Monolit theme = 2.0.6 versions...
WordPress plugin WP Adminify 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
CVE-2025-65230
Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting XSS vulnerability in the Web UI Configuration Streaming Destination input...
Slackware Linux 15.0 / current xpdf Multiple Vulnerabilities (SSA:2025-319-01)
The version of xpdf installed on the remote host is prior to 4.06. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-319-01 advisory. New xpdf packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
PT-2025-42181
Name of the Vulnerable Software and Affected Versions FreePBX Endpoint Manager versions prior to 16.0.92 FreePBX Endpoint Manager versions prior to 17.0.6 Description The software includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery...
Linux Distros Unpatched Vulnerability : CVE-2023-22724
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross- site Scripting via malicious RSS feeds. An Administrator...
Linux Distros Unpatched Vulnerability : CVE-2011-1288
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application...
WordPress Authors List plugin <= 2.0.6.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Authors List versions = 2.0.6.2...
CVE-2024-27705
Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint...