
31199 matches found

Cvelist
added 2026/03/05 5:54 a.m., 31 views

CVE-2026-28114 WordPress WooCommerce License Manager plugin <= 7.0.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server. This issue affects WooCommerce License Manager: from n/a through <= 7.0.6...

9.1 CVSS, 0.00278 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/03/05 5:54 a.m., 5 views

CVE-2026-28114 WordPress WooCommerce License Manager plugin <= 7.0.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server. This issue affects WooCommerce License Manager: from n/a through <= 7.0.6...

9.1 CVSS, 5.9 AI score, 0.00278 EPSS
Exploits: 0, References: 1
CVE
added 2026/03/05 5:53 a.m., 8 views

CVE-2025-68555

CVE-2025-68555 affects the Nutrie WordPress theme by zozothemes and is an Unrestricted Upload of File with Dangerous Type vulnerability that allows uploading a web shell. Affected versions are Nutrie

9.9 CVSS, 5.9 AI score, 0.00434 EPSS
Exploits: 0, References: 1
CVE
added 2026/03/05 5:53 a.m., 9 views

CVE-2025-68553

CVE-2025-68553 concerns WordPress Lendiz theme (lendiz) with an Unrestricted Upload of File with Dangerous Type vulnerability. The issue allows uploading a web shell to the web server and affects Lendiz versions prior to 2.0.1. Connected sources (Patchstack entry and related vulnerability lists) ...

9.9 CVSS, 5.9 AI score, 0.00447 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/03/05 5:53 a.m., 5 views

CVE-2025-68555 WordPress Nutrie theme < 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server. This issue affects Nutrie: from n/a through 2.0.1...

9.9 CVSS, 5.9 AI score, 0.00434 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/03/05 5:53 a.m., 5 views

CVE-2025-68553 WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server. This issue affects Lendiz: from n/a through 2.0.1...

5.9 AI score, 0.00447 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/03/05 5:53 a.m., 32 views

CVE-2025-68555 WordPress Nutrie theme < 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server. This issue affects Nutrie: from n/a through 2.0.1...

9.9 CVSS, 0.00434 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/03/05 1:57 a.m., 5 views

CVE-2026-26478

A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...

9.8 CVSS, 6.2 AI score, 0.02003 EPSS
Exploits: 2, References: 1
Github Security Blog
added 2026/03/05 12:38 a.m., 5 views

zeptoclaw has Shell allowlist-blocklist bypass via command/argument injection and file name wildcards

Summary: zeptoclaw implements an allowlist combined with a blocklist to prevent malicious shell commands in src/security/shell.rs. However, even in the Strict mode, attackers can completely bypass all the guards from allowlist and blocklist: - to bypass the allowlist, command injection is enough,...

6.2 AI score
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/03/05 12:38 a.m., 2 views

GHSA-5WP8-Q9MX-8JX8 zeptoclaw has Shell allowlist-blocklist bypass via command/argument injection and file name wildcards

Summary: zeptoclaw implements an allowlist combined with a blocklist to prevent malicious shell commands in src/security/shell.rs. However, even in the Strict mode, attackers can completely bypass all the guards from allowlist and blocklist: - to bypass the allowlist, command injection is enough,...

10 CVSS, 6.2 AI score
Exploits: 0, References: 4
OSV
added 2026/03/05 12:35 a.m., 2 views

GHSA-HHJV-JQ77-CMVX zeptoclaw has Android device shell blocklist bypass via argument permutation

Summary: zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with arguments in the pattern literal, such as rm -f and rm -rf; this can be simply bypassed by using different orders for these arguments, such ...

7.5 CVSS, 6 AI score
Exploits: 0, References: 4
CNNVD
added 2026/03/05 12:00 a.m., 7 views

WordPress plugin Lendiz security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.9 CVSS, 5.8 AI score, 0.00447 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/03/05 12:00 a.m., 5 views

PT-2026-23140

Name of the Vulnerable Software and Affected Versions: Lendiz versions prior to 2.0.1. Description: The software contains a flaw due to unrestricted file upload with a dangerous type, allowing the upload of a web shell to a web server. Recommendations: Update to a version newer than or equal to 2.0.1...

9.9 CVSS, 5.8 AI score, 0.00447 EPSS
Exploits: 0, References: 5
Positive Technologies
added 2026/03/05 12:00 a.m., 6 views

PT-2026-23403

Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server. This issue affects Filr: from n/a through = 1.2.12...

5.9 AI score, 0.00212 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/03/05 12:00 a.m., 8 views

PT-2026-23387

Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server. This issue affects WooCommerce License Manager: from n/a through <= 7.0.6...

5.9 AI score, 0.00278 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/03/05 12:00 a.m., 9 views

WordPress plugin Nutrie security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.9 CVSS, 5.8 AI score, 0.00434 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/03/05 12:00 a.m., 8 views

PT-2026-23142

Name of the Vulnerable Software and Affected Versions: Nutrie versions prior to 2.0.1. Description: A flaw exists in Nutrie that permits the unrestricted upload of files with dangerous types, potentially allowing an attacker to upload a web shell to a web server. Recommendations: Update Nutrie to...

9.9 CVSS, 5.8 AI score, 0.00434 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2026/03/05 12:00 a.m., 7 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.0.2)

The version of AHV installed on the remote host is prior to AHV-11.0.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.0.2 advisory. - A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust...

8.1 CVSS, 6.1 AI score, 0.0144 EPSS
Exploits: 10, References: 9
Positive Technologies
added 2026/03/05 12:00 a.m., 7 views

PT-2026-23615

Name of the Vulnerable Software and Affected Versions: OliveTin versions prior to 3000.11.1. Description: OliveTin allows access to predefined shell commands from a web interface. A flaw exists in the RestartAction functionality where a low-privileged authenticated user can execute actions they are...

9.9 CVSS, 6.2 AI score, 0.22162 EPSS
Exploits: 68, References: 139
CNNVD
added 2026/03/05 12:00 a.m., 7 views

OpenClaw operating system command injection vulnerability

OpenClaw is an open-source intelligent artificial assistant. OpenClaw has a vulnerability related to operating system command injection. This vulnerability stems from the exec-approvals permission list validation mechanism, which checks the argv tokens in a pre-expanded manner but actually execut...

8.6 CVSS, 5.8 AI score, 0.00167 EPSS
Exploits: 0, References: 3