569 matches found
PrestaShop: Improper Use of Validation Framework
Impact Fix improper use of validation framework Patches Patched in 8.2.5 and 9.1.0 Workarounds None References none...
GHSA-283W-XF3Q-788V PrestaShop: Improper Use of Validation Framework
Impact Fix improper use of validation framework Patches Patched in 8.2.5 and 9.1.0 Workarounds None References none...
CVE-2026-24364 WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...
PT-2026-28175
Name of the Vulnerable Software and Affected Versions PrestaShop versions prior to 8.2.5 PrestaShop versions prior to 9.1.0 Description PrestaShop, an open source e-commerce web application, experiences an issue due to improper use of its validation framework. No workarounds are currently...
EUVD-2026-14704
Use After Free vulnerability in No-Chicken Echo-Mate SDK/rv1106-sdk/sysdrv/source/kernel/mm modules. This vulnerability is associated with program files rmap.C. This issue affects Echo-Mate: before V250329...
CVE-2026-29840
JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting XSS vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering...
Tabs Mail Carrier 缓冲区错误漏洞
Tabs Mail Carrier is an email server software for email sending and mailing list management developed by the Tabs company. Version 2.5.1 of Tabs Mail Carrier contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the MAIL FROM SMTP command, which could allow a...
JIZHICMS 安全漏洞
JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. JIZHICMS versions 2.5.6 and earlier contained security vulnerabilities. These vulnerabilities were caused by insufficient input cleaning in the publish function of the app/home/c/UserController.php file,...
File Thingie 安全漏洞
File Thingie is a file manager personally developed by Frances Leese. Version 2.5.7 of File Thingie has a security vulnerability, which stems from the improper handling of the function for creating folders from URLs. This vulnerability may lead to directory traversal attacks...
Jenkins 安全漏洞
Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.554 and earlier, as well as LTS 2.541.2 and earlier, have security vulnerabilitie...
CVE-2026-4185
A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swfdefbitsjpeg of the file src/scenemanager/swfparse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to laun...
CVE-2025-69768
The provided connected documents confirm a concrete vulnerability in Chyrp: SQL Injection in the Admin.php component affecting Chyrp v2.5.2 and earlier. The root cause is an SQLi flaw in Admin.php that could allow a remote attacker to obtain sensitive information. The CVSS details from the Initia...
Anchore Enterprise SQL注入漏洞
Anchore Enterprise is a container image security analysis and compliance management platform developed by Anchore Company in the United States. Versions of Anchore Enterprise prior to 5.25.1 contained a SQL injection vulnerability. This vulnerability stemmed from the GraphQL Reports API’s SQL...
ALSA-2026:4455 Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.125 and .NET Runtime...
CVE-2026-27326
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services | HVAC, Air...
CVE-2026-28081 WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through = 2.5.0...
CVE-2026-27326 WordPress AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme theme <= 1.2.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services | HVAC, Air...
CVE-2025-69328 WordPress Booking and Rental Manager plugin <= 2.5.9 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through = 2.5.9...
Pannellum has a XSS vulnerability in hot spot attributes
Impact The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...
CVE-2026-25008
The CVE-2026-25008 entry concerns WordPress Ninja Tables (ninja-tables) versions up to and including 5.2.5. The issue is described as an Insertion of Sensitive Information Into Sent Data vulnerability that enables retrieval of embedded sensitive data from Ninja Tables. All connected sources consi...