PT-2026-31384

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log...

PT-2026-31099

The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation in the quran playlist options function that handles the plugin's settings page. The function processes POST requests to update...

OpenClaw 输入验证错误漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an input validation error vulnerability that can be exploited by an attacker to cause an insecure request body to be resent in a cross-domain redirect, thereby disclosing sensitive request data or...

PT-2026-31433

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can elevate their account to a staff level via a POST request against their user account endpoint. The write permissions on the API endpoint are improperly configured, allowing any us...

PT-2026-31393

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...

CVE-2025-50666

The CVE-2025-50666 entry concerns the D-Link DI-8003 router with firmware 16.07.26A1. A buffer overflow occurs in the /web_post.asp endpoint due to improper handling of multiple parameters, exploitable by a crafted HTTP GET with parameters such as name, en, user_id, log, and time. Reported impact...

CVE-2026-31017

The connected PT-2026-31332 entry confirms a concrete SSRF vulnerability in ERPNext v16.0.1 and Frappe Framework v16.1.1, arising from insufficient sanitization of HTML in the Print Format function before PDF rendering. This allows user-supplied HTML (e.g., iframe elements) to trigger the server-...

PT-2026-31388

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem gb2312, and mem utf8 parameters...

CVE-2025-50670

CVE-2025-50670 affects the D-Link DI-8003, version 16.07.26A1 , with a buffer overflow caused by improper handling of parameters in the endpoint /xwgl_bwr.asp . An attacker can exploit via a crafted HTTP GET request using the parameters name , qq , and time . Documented impact is a vulnerability ...

PT-2026-31195

CVE-2026-39630 Server-Side Request Forgery SSRF vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/… https://t.co/fsQvsHmxln...

CVE-2026-30080

OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context c...

CVE-2025-50666

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /webpost.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, userid, log, and time...

PT-2026-31211

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006665 advisory. In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blkmqallocrequesthctx This patch prevents that test...

PT-2026-31371

A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe list opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow...

WordPress plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

RHEL 8 : nodejs:22 (RHSA-2026:7123)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7123 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

PT-2026-31184

CVE-2026-39619 Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a t… https://t.co/PP035okJ62...

PT-2026-31290

Name of the Vulnerable Software and Affected Versions The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net versions up to and including 1.1.5 Description The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPre...

PT-2026-31328

Name of the Vulnerable Software and Affected Versions QD 20230821 affected versions not specified Description QD 20230821 is susceptible to a Server-side request forgery SSRF condition. This occurs when a crafted request is processed, allowing for potential unauthorized access or actions on...