PT-2026-39402

Name of the Vulnerable Software and Affected Versions Yii Framework versions prior to 2.0.55 Description Internal variables in the View::renderPhpFile and ErrorHandler::renderFile functions are not isolated, which can lead to parameter collisions that allow the overriding of included file paths...

CVE-2025-12072

The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or...

CVE-2025-12072 Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update

The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or...

CVE-2024-55602 PenDoc vulnerable to Arbitrary File Read on updating and downloading templates using Path Traversal

PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal ../ sequences into the file extension property to read arbitrary files on the system. Commit...

多款Qualcomm产品输入验证错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc. and are often manufactured on the surface of semiconductor wafers. A security vulnerability exists in Qualcomm chips that stems from a lack of...