Simple Responsive Tourism Website 代码注入漏洞

Simple Responsive Tourism Website is a simple responsive tourism website. Version 1.0 of Simple Responsive Tourism Website has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameters firstname, lastname, and username in the...

CVE-2026-2015

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument schoolid can lead to improper authorization. The attack can be executed remotel...

CVE-2026-2017

A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...

CVE-2026-1802

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

Malicious code in react-responsive-carousel-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 544d7ca19589218beb2b384a9e4e1ce7f64b130015ea62978f81adc7c6be5934 The package react-responsive-carousel-v4 was found to contain malicious code. Source: ghsa-malware...

MAL-2026-684 Malicious code in react-responsive-carousel-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 544d7ca19589218beb2b384a9e4e1ce7f64b130015ea62978f81adc7c6be5934 The package react-responsive-carousel-v4 was found to contain malicious code. Source: ghsa-malware...

PT-2026-5601

A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit vpncli file upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploi...

CVE-2026-1733

A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...

PT-2026-5585

Name of the Vulnerable Software and Affected Versions Zhong Bang CRMEB versions prior to 5.6.4 Description A security issue exists in Zhong Bang CRMEB. Improper authorization can occur due to manipulation of the order id argument within the detail/tidyOrder function located in the /api/store...

WordPress eDS Responsive Menu plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin eDS Responsive Menu versions = 1.2...

CVE-2026-1407

A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.0955. This affects an unknown part of the component UART Interface. Performing a manipulation results in information disclosure. The attack may be carried out on the physical device. The attack is considered to have high...

WordPress Responsive Header Plugin plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin Responsive Header versions = 1.0...

CVE-2026-1300

The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2026-4678

A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09 55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password requirements. The physical device can be targeted for the attack. The attack requires a high leve...

CVE-2026-1300

The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-1300

CVE-2026-1300 refers to the WordPress plugin Responsive Header (versions

CVE-2026-1300

The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-1300 Responsive Header Plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters

The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin Responsive Header has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4606

The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...