256948 matches found

CNNVD
added 2026/06/08 12:0 a.m., 9 views

WordPress plugin Background Image Cropper Code Issue Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Version...

CVSS 9.8 | AI score 6.8 | EPSS 0.00838
Exploits: 0 | References: 1

CNNVD
added 2026/06/08 12:0 a.m., 6 views

WordPress plugin Augmented-Reality plugin Access Control Error Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 8.7 | AI score 6.8 | EPSS 0.00532
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/08 12:0 a.m., 15 views

PT-2026-47446

Name of the Vulnerable Software and Affected Versions Nginx Proxy Manager versions 2.9.14 through 2.15.1 Description An authenticated remote code execution issue exists via OS command injection in the setupCertbotPlugins function located in backend/setup.js. Attackers with certificates:manage...

CVSS 7.7 | AI score 6.6 | EPSS 0.00921
Exploits: 0 | References: 5

Positive Technologies
added 2026/06/08 12:0 a.m., 12 views

PT-2026-47232

Name of the Vulnerable Software and Affected Versions WordPress Augmented-Reality plugin affected versions not specified Description A remote code execution issue exists in the elFinder connector. Unauthenticated attackers can upload and execute arbitrary PHP files by sending POST requests to the...

CVSS 8.7 | AI score 6.5 | EPSS 0.00532
Exploits: 0 | References: 10

Tenable Nessus
added 2026/06/08 12:0 a.m., 12 views

Amazon Linux 2 : unbound, --advisory ALAS2-2026-3322 (ALAS-2026-3322)

The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3322 advisory. NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables...

CVSS 10 | AI score 6.4 | EPSS 0.00888
Exploits: 0 | References: 16

Positive Technologies
added 2026/06/08 12:0 a.m., 9 views

PT-2026-47477

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in the Network component allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free occurs wh...

CVSS 9.6 | AI score 6.5 | EPSS 0.01654
Exploits: 4 | References: 84

Positive Technologies
added 2026/06/08 12:0 a.m., 10 views

PT-2026-47476

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in V8 allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory corruption flaw...

CVSS 9.6 | AI score 6.7 | EPSS 0.01654
Exploits: 4 | References: 85

Positive Technologies
added 2026/06/08 12:0 a.m., 8 views

PT-2026-47483

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description A use after free issue in Payments allows a remote attacker to execute arbitrary code through a crafted HTML page. Use after free is a memory corruption flaw that occurs when an...

CVSS 9.6 | AI score 6.7 | EPSS 0.01654
Exploits: 4 | References: 84

Positive Technologies
added 2026/06/08 12:0 a.m., 11 views

PT-2026-47465

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description A use after free issue in Compositing allows a remote attacker to execute arbitrary code when a user opens a crafted HTML page. Use after free is a memory corruption flaw that...

CVSS 9.6 | AI score 6.7 | EPSS 0.01654
Exploits: 4 | References: 84

Positive Technologies
added 2026/06/08 12:0 a.m., 13 views

PT-2026-47500

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Guest View allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that...

CVSS 9.6 | AI score 6.7 | EPSS 0.01654
Exploits: 4 | References: 85

Positive Technologies
added 2026/06/08 12:0 a.m., 10 views

PT-2026-47458

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in the TabStrip component. This allows a remote attacker to execute arbitrary code via a crafted HTML page if a user is convinced to perform specific UI...

CVSS 9.6 | AI score 6.7 | EPSS 0.01654
Exploits: 4 | References: 85

Positive Technologies
added 2026/06/08 12:0 a.m., 10 views

PT-2026-47496

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in the PDF component, which allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted PDF file. Use after free is a...

CVSS 9.6 | AI score 6.7 | EPSS 0.01654
Exploits: 4 | References: 82

Packet Storm
added 2026/06/08 12:0 a.m., 47 views

Wazuh Cluster Remote Code Execution / Insecure Deserialization

This is a Metasploit Framework exploit module targeting a critical remote code execution vulnerability in Wazuh cluster mode identified as CVE-2026-25769. The flaw is described as an insecure deserialization issue in the cluster synchronization mechanism, where the master node improperly processe...

CVSS 9.1 | AI score 6.6 | EPSS 0.09246
Exploits: 4

Positive Technologies
added 2026/06/08 12:0 a.m., 18 views

PT-2026-47235

Name of the Vulnerable Software and Affected Versions WordPress Background Image Cropper version 1.2 Description An issue allows unauthenticated attackers to upload arbitrary files by accessing the 'ups.php' endpoint. By utilizing the file upload form within the plugin directory, attackers can...

CVSS 9.8 | AI score 6.2 | EPSS 0.00838
Exploits: 0 | References: 12

Amazon
added 2026/06/08 12:0 a.m., 8 views

Important: unbound

Issue Overview: NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary c...

CVSS 10 | AI score 6.5 | EPSS 0.00888
Exploits: 0

Positive Technologies
added 2026/06/08 12:0 a.m., 13 views

PT-2026-47234

Name of the Vulnerable Software and Affected Versions Seotheme affected versions not specified Description An issue in the WordPress Seotheme allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP...

CVSS 9.8 | AI score 5.9 | EPSS 0.00613
Exploits: 0 | References: 12

Positive Technologies
added 2026/06/08 12:0 a.m., 10 views

PT-2026-47432

Name of the Vulnerable Software and Affected Versions AgentCore CLI versions prior to 0.14.2 Description Improper neutralization of triple-quote characters during Python code generation allows an authenticated remote actor to execute arbitrary code. This occurs when a crafted...

CVSS 9 | AI score 6.2 | EPSS 0.0034
Exploits: 0 | References: 9

Tenable Nessus
added 2026/06/08 12:0 a.m., 57 views

TencentOS Server 4: dnsmasq (TSSA-2026:0344)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0344 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 8.4 | AI score 6.5 | EPSS 0.0561
Exploits: 4 | References: 7

Tenable Nessus
added 2026/06/08 12:0 a.m., 10 views

RHEL 9 : unbound (RHSA-2026:24369)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24369 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Heap overflow and crash...

CVSS 10 | AI score 5.8 | EPSS 0.00888
Exploits: 0 | References: 8

Tenable Nessus
added 2026/06/08 12:0 a.m., 8 views

TencentOS Server 4: libarchive (TSSA-2026:0308)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0308 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 9.8 | AI score 7.9 | EPSS 0.01073
Exploits: 0 | References: 2