EUVD-2026-20139

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from n/a through = 2.0.8...

Collabora Online 授权问题漏洞

Collabora Online is an application software developed by the British company Collabora. It is a powerful online office suite based on LibreOffice, supporting all major document, spreadsheet, and presentation file formats. There were authorization issues in versions of Collabora Online prior to...

CVE-2026-24377

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through = 4.6.3...

EUVD-2025-205230

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through = 5.0.3...

EUVD-2024-44941

Malicious code in bioql PyPI...

WordPress plugin WP Extended 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

SQL Injection

github.com/stashapp/stash is vulnerable to SQL Injection. The vulnerability is caused due to not validating the values provided in the sort parameter while executing SQL query. This can lead to attacker retrieving data from database or can change values in the database tables...

CVE-2024-3750

CVE-2024-3750 affects Visualizer: Tables and Charts Manager for WordPress. Root cause: missing capability check in getQueryData() across all versions up to 3.10.15, enabling authenticated users with subscriber-level access and above to run arbitrary SQL queries, with potential privilege escalatio...

GHSA-FGXV-GW55-R5FQ Authorization Bypass Through User-Controlled Key in go-zero

Summary Hello go-zero maintainer team, I would like to report a security concerning your CORS Filter feature. Details Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the isOriginAllowed uses...

CVE-2022-44565

An improper access validation vulnerability exists in airMAX AC 8.7.11, airFiber 60/LR 2.6.2, airFiber 60 XG/HD v1.0.0 and airFiber GBE 1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device...

Schneider Electric SoMachine Basic

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: SoMachine Basic Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability may result in...

destoon b2b system all version SQL injection vulnerability analyses reference exp-vulnerability warning-the black bar safety net

在 include/global.func.php in stripsql function to pass the incoming value for the filter, but we can bypass this limit, to achieve the full version of the injected function stripsql$string $search =...