Wimi Teamwork On-Premises 安全漏洞

Wimi Teamwork On-Premises is an enterprise collaboration platform developed by the French company Teamwork. Versions of Wimi Teamwork On-Premises prior to 8.2.0 contained a security vulnerability. This vulnerability stemmed from an insecure direct object reference in the preview.php endpoint, whi...

PT-2026-31191

CVE-2026-39626 Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Arm… https://t.co/tFnseFet6N...

WordPress plugin DukaMarket 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

D-Link DI-8003 安全漏洞

The D-Link DI-8003 and DI-8003G are both wireless routers from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003 and DI-8003G. The vulnerability is caused due to incorrect boundary checking in the wanping.asp script and can be exploited by an attacker to cause a...

XWiki Platform 安全漏洞

The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform prior to 17.4.8 and 17.10.1 contained security vulnerabilities. These vulnerabilities stemmed from inadequate protection of the script API, allowing users with...

WordPress plugin Uminex 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-31406

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the...

OpenClaw Authorization Problem Vulnerability (CNVD-2026-16621)

OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.11, which stems from the failure of the system.run approval function to properly bind variable file operands for specific script runners such as tsx, jiti, and others. An...

PT-2026-31319

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the html purify validation rule to content fields during create and update operations, while the Blog...

PT-2026-31190

CVE-2026-39625 Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects Tec… https://t.co/G5AXQK2cTi...

D-Link DI-8003 安全漏洞

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability is caused due to incorrect boundary checking in the usergroup.asp script and can be exploited by an attacker to cause a denial of service...

PT-2026-31193

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...

D-Link DI-8003 安全漏洞

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability caused by incorrect boundary checking in the timegroup.asp script, which can be exploited by an attacker to cause a denial of service...

PT-2026-31324

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

Linux Distros Unpatched Vulnerability : CVE-2026-28808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via...

Unfurl 安全漏洞

Unfurl is a URL data extraction and visualization analysis tool developed by Ryan Benson. Versions of Unfurl prior to version 2026.04 contained security vulnerabilities. These vulnerabilities stemmed from an unlimited zlib decompression issue in the parsecompressed.py script. This could allow...

PT-2026-31288

Name of the Vulnerable Software and Affected Versions Robo Gallery versions through 5.1.3 Description The Robo Gallery plugin for WordPress is susceptible to Stored Cross-Site Scripting via the 'Loading Label' setting. The plugin utilizes a custom |...| marker pattern within its fixJsFunction...

WordPress plugin TechOne 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-4394 Gravity Forms <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input.4 in all versions up to, and including, 2.9.30. This is due to the getvalueentrydetail method in the GFFieldCreditCard class outputting the card type value...

CVE-2026-1342

IBM Security Verify Access Container and IBM Verify Identity Access products are affected by CVE-2026-1342, where a locally authenticated user could execute malicious scripts outside the control sphere. Affected: IBM Verify Identity Access Container (11.0 - 11.0.2) and IBM Security Verify Access ...