WordPress plugin Widget Context 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.6.0 and earlier 11.6.x series, 11.5.3 and earlier 11.5.x series, 11.4.4 and earlier 11.4.x series, as well as 10.11.14 and earlier 10.11.x series. Thes...

Request Tracker SQL注入漏洞

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions 5.0.0 to 5.0.9, as well as 6.0.0 to 6.0.2, have a SQL injection vulnerability. This vulnerability arises from SQL injections, allowing authenticated users to construct inputs and merge them into...

Request Tracker 安全漏洞

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions prior to Request Tracker 5.0.10, as well as versions 6.0.0 to 6.0.2, contained security vulnerabilities. These vulnerabilities stemmed from the fact that data controlled by users during spreadsheet...

PT-2026-42794

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : Devolutions Server 2026.1.6.0...

Request Tracker 跨站请求伪造漏洞

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions 6.0.0 to 6.0.2 of Request Tracker contain a cross-site request forgeing vulnerability. This vulnerability arises from cross-site request forgery, allowing attackers to induce logged-in users to acce...

Request Tracker 授权问题漏洞

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions of Request Tracker from 5.0.9 and earlier, as well as versions 6.0.0 to 6.0.2, have a permission issue vulnerability. This vulnerability stems from an authentication bypass in RT installations that...

Linux Distros Unpatched Vulnerability : CVE-2026-6883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allow...

Linux Distros Unpatched Vulnerability : CVE-2026-41075

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection...

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016686)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016686 advisory. Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a...

RockyLinux 8 : osbuild-composer (RLSA-2025:9844)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:9844 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fr...

Linux Distros Unpatched Vulnerability : CVE-2026-6841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the Page parameter in GET requests. An attacker can craft a URL that, wh...

Linux Distros Unpatched Vulnerability : CVE-2026-6063

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain...

PT-2026-42749

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained a security vulnerability. This vulnerability stemmed from the fact that HTTP request blocks and code blocks validated the initial request URL using validateHttpReqUrl. However...

CVE-2026-39830

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

PT-2026-42709

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A malicious SSH peer can send unsolicited global request responses to fill an internal buffer, which blocks the connection's read loop. This prevents the blocked...

Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016708 advisory. A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker t...

PT-2026-42733

The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the save widget context settings function. This makes it possible for unauthenticated attackers to modify widget...

Exploit for CVE-2026-5118

Divi Form Builder ⚠️ WARNING: This tool is for authorized p...