CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...

EUVD-2026-36831

Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...

EUVD-2026-36815

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

CVE-2026-42639 WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

CVE-2026-42639 WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

CVE-2026-42639

CVE-2026-42639 concerns the WordPress plugin GD Rating System (versions

CVE-2026-37216

Ruoyi 4.8.2 is vulnerable to Cross Site Scripting XSS at the interface /system/notice/add...

ITScape

🛡️ ITScape - Test your systems for security gaps !https:/...

Malicious code in intel-ai-safety (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7bafa4e952ec2e2db6e164f8bf385088c38438396f02f8096c28a6105878e729 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

ROOT-OS-DEBIAN-12-CVE-2026-1502 CVE-2026-1502 in rootio-python3.11 - Patched by Root

Root has patched CVE-2026-1502 in the rootio-python3.11 package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-3644 CVE-2026-3644 in rootio-python3.11 - Patched by Root

Root has patched CVE-2026-3644 in the rootio-python3.11 package for Root:Debian:12. Multiple fixed versions available...

CVE-2026-9863 Core Privileged Access Manager (BoKS) upgrade tooling command injection vulnerability

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

EUVD-2026-36730

Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...

Malicious code in vault-strategies (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7037d9efc65a0885cc000a92c46ea9bed2097d02c8fb2883ceaa3eb2fd5eeb On npm install, the package's preinstall hook preinstall: node postinstall.js || true executes postinstall.js, which enumerates process.env and filte...

CVE-2025-3000 vulnerabilities

Vulnerabilities for packages: py3-torch-cuda-12.9, py3-torch-cuda-12.8, py3-torch-cuda-13.0, py3-torch-cuda-13.3, py3-torch-cuda-13.1, py3-torch-cuda-12.6, nemo, py3-torch-cuda-13.2, py3-torch-cuda-12.4...

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten...

EUVD-2025-210138

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

CVE-2016-20079 WordPress Dharma Booking 2.28.3 Local File Inclusion via proccess.php

WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gatewa...

Malicious code in unicocheck-ios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bafc91c569cf42c5f1ff68531a8d5238919f595368ffa90b7d4e5bcc74fe9788 package.json declares a preinstall lifecycle script that runs curl against https://webhook.site/fe1246c2-ac04-4493-b223-fe34ba26b79f with query...

EUVD-2026-36712

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...