
13686 matches found

Tenable Nessus
added 2026/01/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-24808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer Overflow or Wraparound vulnerability in RawTherapee rtengine modules. This vulnerability is associated with program files dcraw.Cc. This issue affects...

CVSS 8.3 | AI score 5.9 | EPSS 0.00027
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/23 9:15 p.m. | 2 views

CVE-2025-68047

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection. This issue affects Eventin: from n/a through <= 4.1.3...

CVSS 8.8 | AI score 5.9 | EPSS 0.00114
Exploits: 0 | References: 1
NVD
added 2026/01/22 5:16 p.m. | 1 view

CVE-2025-68047

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection. This issue affects Eventin: from n/a through <= 4.1.3...

CVSS 8.8 | EPSS 0.00114
Exploits: 0 | References: 1
Cvelist
added 2026/01/22 4:52 p.m. | 14 views

CVE-2025-68047 WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection. This issue affects Eventin: from n/a through <= 4.1.3...

CVSS 8.8 | EPSS 0.00114
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/22 4:52 p.m. | 2 views

CVE-2025-68047

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection. This issue affects Eventin: from n/a through <= 4.1.1...

CVSS 8.8 | AI score 5.3 | EPSS 0.00114
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/22 12:0 a.m. | 4 views

PT-2026-4071

Name of the Vulnerable Software and Affected Versions: Arraytics Eventin versions through 4.1.1. Description: The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This could potentially allow an attacker to compromise the system. Recommendations...

AI score 5.4 | EPSS 0.00114
Exploits: 0 | References: 3
CNNVD
added 2026/01/22 12:0 a.m. | 3 views

OpenSolution Quick.Cart cross-site scripting vulnerabilities

OpenSolution Quick.Cart is an online shopping system developed by the Polish company OpenSolution. OpenSolution Quick.Cart has a cross-site scripting vulnerability; this vulnerability stems from the sSort parameter, which is vulnerable to reflective cross-site scripting attacks, potentially...

CVSS 6.1 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 2
CNNVD
added 2026/01/22 12:0 a.m. | 3 views

OpenSolution Quick.Cart path traversal vulnerability

OpenSolution Quick.Cart is an online store system developed by the Polish company OpenSolution. OpenSolution Quick.Cart has a path traversal vulnerability, which stems from issues with the theme selection mechanism involving local file inclusion and path traversal attacks. These vulnerabilities...

CVSS 9.4 | AI score 6.1 | EPSS 0.00207
Exploits: 0 | References: 2
Schneier on Security
added 2026/01/21 12:5 p.m. | 3 views

Internet Voting is Too Insecure for Use in Elections

No matter how many times we say it, the idea comes back again and again. Hopefully, this letter will hold back the tide for at least a while longer. Executive summary: Scientists have understood for many years that internet voting is insecure and that there is no known or foreseeable technology...

AI score 5.6
Exploits: 0
Patchstack
added 2026/01/21 6:49 a.m. | 5 views

WordPress Academy LMS plugin <= 3.5.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by vgo0 in WordPress Plugin Academy LMS versions <= 3.5.0...

CVSS 9.8 | AI score 5.4 | EPSS 0.00187
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2026/01/21 12:0 a.m. | 2 views

WordPress Plugin Academy LMS – WordPress LMS Plugin for a Complete eLearning Solution Security Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00187
Exploits: 1 | References: 3
Tenable Nessus
added 2026/01/17 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-23490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-O...

CVSS 7.5 | AI score 7.1 | EPSS 0.00032
Exploits: 0 | References: 2
VulnCheck KEV
added 2026/01/14 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2020-26836

SAP Solution Manager Trace Analysis, version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the...

CVSS 6.1 | AI score 5.6 | EPSS 0.08034
In wild | Exploits: 1 | References: 2
NVD
added 2026/01/09 4:16 p.m. | 3 views

CVE-2025-67278

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...

CVSS 6.5 | EPSS 0.00017
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 12:32 p.m. | 7 views

CVE-2023-31142

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of t...

CVSS 5.3 | AI score 6.5 | EPSS 0.00108
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:42 a.m. | 5 views

CVE-2022-31093

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

CVSS 7.5 | AI score 6.9 | EPSS 0.00864
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:37 a.m. | 4 views

CVE-2020-7877

A buffer overflow issue was discovered in ZOOK solution remote administration tool through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command...

CVSS 8.8 | AI score 7.7 | EPSS 0.0053
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:36 a.m. | 7 views

CVE-2020-7863

A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting...

CVSS 9.3 | AI score 7.7 | EPSS 0.00436
Exploits: 0 | References: 1
CVE
added 2026/01/09 12:0 a.m. | 7 views

CVE-2025-67278

TIM BPM Suite and TIM FLOW versions prior to 9.1.2 are affected by a vulnerability that lets a remote attacker escalate privileges via a crafted HTTP request. The issue is documented across multiple sources (NVD, Red Hat, CNNVD) with a fix only noted as upgrading to 9.1.2 or later. The exact root...

CVSS 6.5 | AI score 6.9 | EPSS 0.00017
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/01/07 9:54 a.m. | 3 views

CVE-2013-7363

Unspecified vulnerability in the Diagnostics SMD agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol...

CVSS 7.5 | AI score 6.8 | EPSS 0.00675
Exploits: 0 | References: 1