Lucene search
28 matches found

ATTACKERKB
added 2026/03/23 11:16 a.m. | views: 1

CVE-2026-32968

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the commb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...

CVSS 9.8 | AI score 5.8 | EPSS 0.02486
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/21 4:30 a.m. | views: 1

CVE-2026-27196 Statamic affected by privilege escalation via stored Cross-site Scripting

Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below, in addition to 6.0.0-alpha.1 through 6.3.1, have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

CVSS 8.1 | AI score 5.4 | EPSS 0.00014
Exploits: 0 | References: 3
CNNVD
added 2026/02/20 12:00 a.m. | views: 5

SvelteKit access control error vulnerability

SvelteKit is an open-source web development framework developed in Svelte. Versions of SvelteKit prior to 6.3.2 contained an access control vulnerability; this vulnerability stemmed from the ability for internal query parameters to be accessed, which could lead to cache poisoning...

CVSS 5.3 | AI score 7.4 | EPSS 0.00009
Exploits: 0 | References: 1
Github Security Blog
added 2026/02/19 8:30 p.m. | views: 3

Statamic affected by privilege escalation via stored cross-site scripting

Impact: Stored XSS vulnerability in html fieldtypes allows authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches: This has been fixed in 6.3.2 and 5.73.9...

CVSS 8.1 | AI score 5.4 | EPSS 0.00014
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/02/19 12:00 a.m. | views: 3

PT-2026-20984

Name of the Vulnerable Software and Affected Versions: Statamic versions 5.73.8 and below, and 6.0.0-alpha.1 through 6.3.1. Description: Statamic, a Laravel and Git powered content management system (CMS), is affected by a Stored Cross-Site Scripting (XSS) issue in the html fieldtypes. This flaw allows...

CVSS 8.1 | AI score 5.5 | EPSS 0.00014
Exploits: 0 | References: 12
Vulnrichment
added 2026/01/20 9:38 p.m. | views: 2

CVE-2025-58744 Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture

Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from...

CVSS 6.9 | AI score 5.3 | EPSS 0.00027
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/19 7:32 a.m. | views: 2

CVE-2025-60083

Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce (pdf-for-woocommerce) allows Object Injection. This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 6.5.0...

CVSS 8.8 | AI score 5.9 | EPSS 0.00118
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/18 7:22 a.m. | views: 1

CVE-2025-60083 WordPress PDF Invoice Builder for WooCommerce plugin <= 6.5.0 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce (pdf-for-woocommerce) allows Object Injection. This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 6.5.0...

CVSS 8.8 | AI score 5.9 | EPSS 0.00118
Exploits: 0 | References: 1
Cvelist
added 2025/12/17 6:36 a.m. | views: 21

CVE-2025-13750 Converter for Media <= 6.3.2 - Missing Authorization to Authenticated (Subscriber+) Optimized Image Deletion via regenerate-attachment REST Endpoint

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

CVSS 4.3 | EPSS 0.00036
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/17 12:00 a.m. | views: 2

PT-2025-51816

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

CVSS 4.3 | AI score 5.3 | EPSS 0.00036
Exploits: 0 | References: 4
RedhatCVE
added 2025/11/11 3:47 a.m. | views: 2

CVE-2025-12927

A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archivesadd.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may b...

CVSS 7.2 | AI score 5.1 | EPSS 0.00029
Exploits: 0 | References: 1
CNNVD
added 2025/11/07 12:00 a.m. | views: 3

DedeBIZ security vulnerability

DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A security vulnerability exists in DedeBIZ 6.3.2 and earlier versions, which stems from an incorrect manipulation of the parameter orderby in the file /admin/freelistmain.php, which could lead to a SQL injection...

CVSS 7.2 | AI score 5.5 | EPSS 0.00029
Exploits: 0 | References: 5
EUVD
added 2025/10/21 12:00 a.m. | views: 4

EUVD-2025-35169

Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

CVSS 6.1 | AI score 5.3 | EPSS 0.00025
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/21 12:00 a.m. | views: 1

CVE-2025-60932

Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

AI score 5.4 | EPSS 0.00025
Exploits: 0 | References: 1
CNNVD
added 2025/05/23 12:00 a.m. | views: 1

WordPress plugin Nasa Core security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.1 | AI score 7.7 | EPSS 0.00547
Exploits: 0 | References: 1
OSV
added 2025/02/28 4:15 a.m. | views: 3

AZL-57639 CVE-2025-1744 affecting package gdal 3.6.3-2

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow. This issue affects radare2: before 5.9.9...

CVSS 10 | AI score 7.5 | EPSS 0.00451
Exploits: 0 | References: 1
CNNVD
added 2024/12/06 12:00 a.m. | views: 1

WordPress plugin Filebird security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.2 | AI score 8.1 | EPSS 0.00245
Exploits: 0 | References: 1
OSV
added 2023/01/27 2:15 p.m. | views: 4

CVE-2022-44026

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 1
CNNVD
added 2023/01/27 12:00 a.m. | views: 2

NetScout nGeniusONE cross-site scripting vulnerability

NetScout nGeniusONE is a centralized application management and network performance solution from NetScout, Inc. A security vulnerability exists in nGeniusONE version 6.3.2 that stems from a cross-site scripting issue...

CVSS 6.1 | AI score 5.8 | EPSS 0.00669
Exploits: 0 | References: 2
Circl
added 2022/07/29 8:13 p.m. | views: 1

CVE-2022-35632

creationtimestamp | type | source
--- | --- | ---
2022-07-29 20:13:41+00:00 | seen | https://t.me/cibsecurity/47266...

CVSS 4.8 | AI score 5 | EPSS 0.00496
Exploits: 0 | References: 1