CVE-2026-28034

CVE-2026-28034 : An improper control of filename for include/require statements in PHP ('PHP Remote File Inclusion') affects the ThemeREX Progress WordPress theme, specifically Progress versions

Exploit for Cross-site Scripting in Bdtask Multi_Store_Inventory_Management_System

CVE-2024-2997 Scanner !Versionhttps://img.shields.io/badge...

WordPress plugin Progress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-23316

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Progress progress allows PHP Local File Inclusion.This issue affects Progress: from n/a through = 1.2...

Exploit for Cross-site Scripting in Bdtask Multi_Store_Inventory_Management_System

CVE-2024-2997 Scanner !Versionhttps://img.shields.io/badge...

WordPress Progress theme <= 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Progress versions = 1.2...

Progress Telerik UI 安全特征问题漏洞

Progress Telerik UI is a UI control suite for application development developed by the American company Progress. Versions of Progress Telerik UI for AJAX prior to version 2026.1.225 contained security feature vulnerabilities, which were caused by insufficient entropy in the RadAsyncUpload...

scsi: qla2xxx: Delay module unload while fabric scan in progress

...

CVE-2025-71235

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. 105954.384919 RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 105954.384920 R10:...

Djena_Bertrand

Description This the writeup on the challenges we solved duri...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 145 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 145.0.7632.45 Linux 145.0.7632.45/46 Windows/Mac contains a number of fixes and improvements -- a list of changes is availab...

CVE-2026-1814

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length 7-12 characters and a static prefix...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Progress DataDirect JDBC drivers

Summary Multiple vulnerabilities in Progress DataDirect JDBC drivers that are used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-10702 DESCRIPTION: Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC...

Progress Software Kemp LoadMaster delapikey OS Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data passed to the delapikey command. The issue resul...

Progress Software Kemp LoadMaster getcipherset Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data passed to the getcipherset command. Th...

Your VMDR Year in Review: Making Security Progress Visible and Actionable

Security Teams Rarely Stop to Reflect When a security program is working well, very little seems to happen. That is by design. There is no alert for the incident that was prevented. No visibility into the attack path that was quietly closed. No recognition for the vulnerability that was fixed...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002035)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002035 advisory. Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a...

CVE-2025-13444

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...

OPENSUSE-SU-2026:20038-1 Security update for wget2

This update for wget2 fixes the following issues: Changes in wget2: - Update to release 2.2.1 Fix file overwrite issue with metalink CVE-2025-69194 bsc1255728 Fix remote buffer overflow in getlocalfilenamereal CVE-2025-69195 bsc1255729 Fix a redirect/mirror regression from 400713ca Use the local...

CVE-2025-13447

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters...