45 matches found
WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin resource management error vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-71253
creationtimestamp | type | source
---|---|---
2026-05-06 05:38:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml5ydnqr3a2p
2026-05-06 05:55:39+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3ml5zc4mn572o
2026-05-06 18:59:57+00:00 | seen | ...
PT-2026-34598
Name of the Vulnerable Software and Affected Versions: CI4MS Theme (affected versions not specified). Description: The upload function in CI4MS Theme fails to validate entry names when extracting user-uploaded ZIP archives. This allows an authenticated backend user with theme create permissions to...
CTEK Chargeportal security vulnerability
CTEK Chargeportal is an electric vehicle charging management platform developed by the Swedish company CTEK. There is a security vulnerability in CTEK Chargeportal, which can be exploited through publicly accessible web-based mapping platforms, potentially leading to identifier leaks...
Mobility46 security vulnerability
Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There is a security vulnerability in Mobility46, as the identity verification identifiers of charging stations can be accessed publicly through a web-based mapping platform...
Chargemap security vulnerability
Chargemap is an electric vehicle service platform website operated by the French company Chargemap. Chargemap has a security vulnerability, as the identity verification identifiers of charging stations can be accessed publicly through a web-based mapping platform...
CVE-2026-24897
Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...
CVE-2026-24897 Authenticated Remote Code Execution via Arbitrary File Upload
Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...
CVE-2025-14043
CVE-2025-14043 affects the WordPress plugin Tainacan. Affected: versions up to and including 1.0.1. Root cause: the REST endpoint’s permissions check in create_item_permissions_check() unconditionally returns true, bypassing authentication/authorization validation. Impact: unauthenticated attack...
PT-2025-52573
Name of the Vulnerable Software and Affected Versions: Tainacan plugin for WordPress versions up to and including 1.0.1. Description: The Tainacan plugin for WordPress has a flaw where unauthorized metadata sections can be created. This is because the create item permissions check function always...
CVE-2025-10285
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password...
CVE-2025-10285 Simplicity Device Manager exposes NTLMv2 hash
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password...
Silicon Labs Simplicity Device Manager security vulnerability
Silicon Labs Simplicity Device Manager is a component of an integrated development environment from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs Simplicity Device Manager that stems from a publicly exposed web interface that could disclose NTLMv2 hashes...
EUVD-2020-3971
Malware in sbrugna...
EUVD-2022-52074
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-12474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public UR...
Linux Distros Unpatched Vulnerability : CVE-2023-28160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive...
CVE-2020-11626
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross-Site Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets...
CVE-2022-4779
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows bypassing the implemented authentication scheme. StreamX applications using the StreamView HTML component with the public web server feature activated are affected...
SAP Adobe Document Service security vulnerability
SAP Adobe Document Service (SAP ADS) is a document management service from SAP, Germany. A security vulnerability exists in SAP Adobe Document Service in which an attacker authenticated as an administrator can create PDFs with embedded attachments using publicly available Web...