CVE-2026-2500

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

CVE-2026-2500

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

PT-2026-38283

Name of the Vulnerable Software and Affected Versions Grav form plugin versions prior to 9.1.0 Description An unauthenticated page-content overwrite exists via file upload. The file upload handler in user/plugins/form/classes/Form.php uses a filename parameter that can be controlled via POST...

Linksys FGW3000-AH 注入漏洞

The Linksys FGW3000-AH is a wireless router from Linksys, Inc. An injection vulnerability exists in Linksys FGW3000-AH version 1.0.17.000000 and earlier, which stems from improper handling of the parameter filename by the HTTP POST request handler, which could lead to command injection...