89 matches found
EUVD-2026-41262
The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...
WordPress WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin <= 7.11 - Authenticated (Administrator+) OS Command Injection vulnerability
Authenticated Administrator+ OS Command Injection vulnerability discovered by Irwan Kusuma - wanjay in WordPress Plugin WP Database Backup versions = 7.11...
CVE-2026-3208
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mppiximage' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve...
CVE-2026-46597 affecting package cf-cli for versions less than 8.7.11-6
CVE-2026-46597 affecting package cf-cli for versions less than 8.7.11-6. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2023-2905
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server,...
ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach
ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems...
GHSA-F24X-5G9Q-753F OAuth2 Proxy's session cookies are not cleared when rendering sign-in page
Impact A regression introduced in v7.11.0 is preventing OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. This only impacts deployments that rely on the sign-in page as part of their logout flow. In those setups, a user may be shown the sign-in page while the existing...
CVE-2026-34454 OAuth2 Proxy: Session cookie not cleared when rendering sign-in page
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...
CVE-2026-4755 CWE-20 in MolotovCherry Android-ImageMagick7
CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...
EUVD-2026-12550
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a before 7.11.3...
CVE-2026-32586 WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through 7.11.3...
CVE-2026-31892
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...
CVE-2026-31802
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...
CVE-2026-22470
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through = 2.7.11...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004650)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004650 advisory. An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions expanddownwards and expandupwards...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004168)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004168 advisory. An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions expanddownwards and expandupwards...
CVE-2025-14111
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is...
CVE-2025-14111
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is...
PT-2025-49319
Name of the Vulnerable Software and Affected Versions Rarlab RAR App versions up to 7.11 Build 127 Description A security issue exists in the component com.rarlab.rar of Rarlab RAR App on Android. This allows for path traversal, potentially enabling remote attacks. Exploitation is considered high...
UBUNTU-CVE-2025-52331
Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...