WordPress plugin GSheet For Woo Importer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions prior to Concrete CMS 9.5.0 contained security vulnerabilities. These vulnerabilities stemmed from the User Profile Editing controller, which passed the entire original POST array to UserInfo::update...

PT-2026-42597

Impact The ajax lookup endpoint in application.py bypasses the is accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is accessible, an authenticated user can still query that model's data through the ajax lookup endpoint — silentl...

Progress Software Kemp LoadMaster addcountry Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within handling of the customLocation parameter. The issue results from the lack ...

VulnCheck KEV: CVE-2026-34926

A directory traversal vulnerability in the Apex One on-premise server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex...

CVE-2026-29181 affecting package azurelinux-image-tools for versions less than 1.3.0-1

CVE-2026-29181 affecting package azurelinux-image-tools for versions less than 1.3.0-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-9133

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the ProxyCommand process. An attacker can execute arbitrary commands on the system by injecting malicious input into the SSH ProxyCommand configuration. Remediation Upgrade...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the ProxyCommand process. An attacker can execute arbitrary commands on the system by injecting malicious input into the SSH ProxyCommand configuration. Remediation Upgrade github.com/kopia/kopia/cli to...

EUVD-2026-31136

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco...

Missing Authentication for Critical Function

Overview symfony/twilio-notifier is a Symfony Twilio Notifier Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parser in the notifier bridge. An attacker can submit forged webhook status events because the pars...

Missing Authentication for Critical Function

Overview symfony/lox24-notifier is a Symfony LOX24 Notifier Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parsers in the Mailjet maile bridge and LOX24 SMS notifier bridge. An attacker can submit forged...

Incorrect Regular Expression

Overview Affected versions of this package are vulnerable to Incorrect Regular Expression in the route URL requirements when a requirement is set as an alternation such as locale: 'ar|bg|...|vi|...|zhCN'. An attacker can bypass security redirect restrictions by suppling a URL that passes any but...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios. CVE-2025-62718 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.j...

Advisory ROSA-SA-2026-3287

software: kernel-6.12 6.12.74 WASP: ROSA-CHROME unaffected versions = kernel-6.12-6.12.74-13 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption a...

Astra Linux - уязвимость в linux-5.10, linux

A vulnerability has been discovered in the Linux kernel. It has been classified as problematic. The affected function is nilfsnew inode in the file fs/nilfs2/inode.c of the BPF component. This vulnerability allows for manipulation after the memory allocation function free is called. The attack ca...

Astra Linux - уязвимость в linux-5.10, linux

A vulnerability has been discovered in the Linux kernel. It has been identified as a problem. The component affected by this vulnerability is the “ipv6renewoptions” function within the IPv6 handler. This vulnerability causes a memory leak. The attack can be launched remotely. It is recommended th...

Astra Linux – Vulnerability in docker.io

Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine, where the data directory /var/lib/docker, contained subdirectories with insufficiently restricted permissions. This allowed unprivileged Linux users to access and...

Astra Linux - уязвимость в mariadb-10.3

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

Astra Linux - уязвимость в linux-5.10

A vulnerability has been discovered in the Linux kernel. It has been rated as problematic. The affected component is the sessfreebuffer function in the fs/cifs/sess.c file of the CIFS Handler module. This vulnerability can lead to double-free operations. It is recommended that patches be applied ...