20 matches found
CVE-2026-6433
The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval, allowing unauthenticated users to execute arbitrary PHP code on the server...
EUVD-2026-20203
Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so: from n/a through <= 2.0.7...
EUVD-2025-208897
A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...
CVE-2026-24713
Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...
UBUNTU-CVE-2026-28420
Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue...
CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only affects static files. If static files are served from a case-insensitive filesystem, such ...
CVE-2025-10000 Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload
The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blobtofile function in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Contributor-level access...
WordPress B Blocks plugin <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function vulnerability
Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function vulnerability discovered by Peter Thaleikis in WordPress Plugin B Blocks versions <= 2.0.6...
Fortinet FortiClientWindows Security Vulnerability
Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A trust management issue...
PCMan FTP Server Security Vulnerability
PCMan FTP Server is a suite of FTP server software from PCMan Open Source. A security vulnerability exists in PCMan FTP Server version 2.0.7, which stems from improper handling of the component NOOP Command Handler, which may result in a buffer overflow...
TRENDnet TEW-411BRP+ Security Vulnerability
The TRENDnet TEW-411BRP+ is a smart switch from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEW-411BRP+ version 2.07 that stems from a null pointer dereference issue in the HTTP request processing component...
CVE-2023-37933
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability (CWE-79) in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPS requests...
WordPress Zoho Campaigns plugin <= 2.0.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Zoho Campaigns versions <= 2.0.7...
B&R Industrial Automation APROL Security Vulnerability
B&R Industrial Automation APROL is a production process management system from B&R Industrial Automation, Austria. A security vulnerability exists in B&R Industrial Automation APROL R versions prior to 4.2-07, which results in a denial of service due to insufficient checking of preconditions...
Dascom eZiosuite Code Issue Vulnerability
Dascom eZiosuite is a management system from the Chinese company Dascom. A security vulnerability exists in Dascom eZiosuite version 2.0.7, which can be exploited by attackers to upload arbitrary files...
DEBIAN-CVE-2020-12872
yawsconfig.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0...
VideoLAN VLC Media Player Cross-Site Scripting Vulnerability (CNVD-2020-08120)
VideoLAN VLC media player is a free, open source, cross-platform multimedia player and multimedia framework from VideoLAN, France. The product supports playback of a variety of media files, CD-ROMs, and audio and video formats such as WMV and MP3. A cross-site...
Adive Framework Cross-Site Scripting Vulnerability (CNVD-2020-17024)
Adive Framework is a PHP-based MySQL database management framework. A cross-site scripting vulnerability exists in Adive Framework 2.0.7 and earlier versions, which stems from the lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute...
WordPress WP Maintenance Mode Plugin Arbitrary PHP Code Execution Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on servers that support PHP and MySQL. WP Maintenance Mode Plugin is a plugin for configuring a site maintenance page. An arbitrary PHP code...
DEBIAN-CVE-2013-7340
VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file...