EUVD-2026-37713

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

CVE-2026-48303 Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)

Adobe Campaign Classic ACC versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

CVE-2025-32223 WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.4...

EUVD-2026-5650

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...

WordPress Code Snippets plugin <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability

Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability discovered by type5afe in WordPress Plugin Code Snippets versions = 3.9.4...

EUVD-2026-3947

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Dekoro dekoro allows PHP Local File Inclusion.This issue affects Dekoro: from n/a through = 1.0.7...

EUVD-2026-3943

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bailly: from n/a through = 1.3.4...

CVE-2025-47555

CVE-2025-47555 is an Authorization Bypass in Themeum Tutor LMS (Tutor) caused by incorrect access control, allowing a user-controlled key to bypass restrictions. Affected: Tutor LMS versions up to 3.9.4 (n/a through

CVE-2025-55049

Use of Default Cryptographic Key CWE-1394...

OESA-2025-1271 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option...

CVE-2022-36394

creationtimestamp| type| source ---|---|--- 2022-08-23 22:27:07+00:00| seen| https://t.me/cibsecurity/48609...

libtiff: Heap-buffer overflow due to TileSize calculation when parsing tiff files

Multiple integer overflows in tiffgetimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the 1 gtTileSeparate or 2 gtStripSeparate function, leading to a heap-based buffer overflow...