16 matches found
CVE-2026-33273
Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbitrary code may be executed on the server...
CVE-2026-33273
CVE-2026-33273 affects MATCHA INVOICE, versions 2.6.6 and earlier. The issue is an unrestricted upload vulnerability (CWE-434) that could allow an administrator to create arbitrary files on the server, potentially enabling arbitrary code execution. Public reports in JVN, NVD, CVE records, and thi...
Oracle Linux 8 : mysql:8.4 (ELSA-2026-6391)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6391 advisory. mecab mecab-ipadic mysql 8.4.8-1 - Rebase to 8.4.8 Tenable has extracted the preceding description block directly from the Oracle Linux security...
PT-2026-23767
GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
PT-2025-45306
Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data. This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.6.6...
CVE-2025-53637 Meshtastic allows Command Injection in GitHub Action
Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull request. In the shell code execution part,...
WordPress plugin OPSI Israel Domestic Shipments security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress String Locator plugin <= 2.6.6 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Webbernaut in WordPress Plugin String locator versions <= 2.6.6...
WordPress plugin String locator code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
Open5GS Security Vulnerabilities
Open5GS is an open source C implementation of 5G Core and EPC, the core network of the LTE/NR network. A security vulnerability exists in open5gs version v2.6.6, which stems from the fact that SIGPIPE can crash AMF...
CVE-2022-30229
A vulnerability has been identified in SICAM GridEdge Classic All versions V2.6.6. The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known...
CVE-2022-30230
A vulnerability has been identified in SICAM GridEdge Classic All versions V2.6.6. The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions...
CVE-2022-26631
creationtimestamp| type| source
---|---|---
2022-04-06 15:10:40+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1877
2022-04-18 18:23:22+00:00| seen| https://t.me/cibsecurity/41010
...
Dell Vnx2 Oe For File OS command injection vulnerability
Dell Vnx2 Oe For File is an operating environment from Dell USA. A remote code execution vulnerability exists in Dell Vnx2 Oe For File version 8.1.21.266 and earlier. An attacker could exploit this vulnerability to execute commands on the system...
AZL-6437 CVE-2021-27218 affecting package glib for versions less than 2.60.1-5
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation...
Wireshark Null Pointer Dereference Vulnerability (CNVD-2019-18501)
Wireshark (formerly known as Ethereal) is a network packet analyzer developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A null pointer dereference vulnerability exists in the TCAP parser in Wireshark versions...