FortiWeb - Authentication Bypass
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...
AffiliateImporterEb <= 1.0.6 - Reflected XSS
AffiliateImporterEb WordPress plugin through 1.0.6 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high-privilege users such as admin; exploitation requires a crafted request. id: CVE-2024-12732 info: name: AffiliateImporterEb =...
PT-2026-36803
Name of the Vulnerable Software and Affected Versions Assimp versions prior to 6.0.3 Description A buffer overflow exists in the FBX Importer. The issue occurs within the aiMaterial::AddBinaryProperty function, where a property key string from a specially crafted FBX file is copied into a...
PT-2026-36316
Name of the Vulnerable Software and Affected Versions MacCMS Pro versions prior to 2022.1.4 Description A weakness in the Plugin Installation Handler component allows for unrestricted file upload. This issue occurs within the install function of the file '/admi.php/admin/addon/add.html' and can b...
PT-2026-20239
Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description The software uses hard-coded user credentials, potentially allowing a remote attacker to obtain sensitive information or perform unauthorized actions. Recommendations Update to a version...
PT-2026-20240
Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description IBM Concert versions 1.0.0 through 2.1.0 may allow an attacker to obtain sensitive information. This is due to improper clearing of heap memory, potentially enabling a man-in-the-middle...
PT-2026-20244
Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description The software is susceptible to cross-site request forgery, potentially enabling an attacker to perform unauthorized actions on behalf of a trusted user. The affected component is the Z hub...
PT-2026-20213
Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description The software uses cryptographic algorithms that are not strong enough, potentially allowing an attacker to decrypt sensitive information. Recommendations Update to a version beyond 2.1.0. At...
Plugin Oficial – Getnet para WooCommerce <= 1.8.0 - Cross-Site Scripting
The Plugin Oficial – Getnet para WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on the 'page' parameter. This makes it possible for unauthenticated attackers to...
PT-2026-5876
Name of the Vulnerable Software and Affected Versions ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions through 5.9.7.2 Description The ProfileGrid plugin for WordPress is susceptible to unauthorized user suspension. This occurs because of a missing capability chec...
PT-2026-6057
Name of the Vulnerable Software and Affected Versions WP FOFT Loader plugin for WordPress versions through 2.1.39 Description The WP FOFT Loader plugin for WordPress is susceptible to arbitrary file uploads because of inadequate file type validation within the WP FOFT Loader Mimes::file and ext...
PT-2026-2026
Name of the Vulnerable Software and Affected Versions MediaWiki - CampaignEvents extension versions 1.39 through 1.45 Description A missing authorization flaw exists in the Wikimedia Foundation MediaWiki - CampaignEvents extension, potentially allowing privilege abuse. The issue relates to the...
PT-2026-1967
Name of the Vulnerable Software and Affected Versions MediaWiki - UploadWizard extension versions 1.39 through 1.45 Description The MediaWiki - UploadWizard extension contains a flaw related to improper input neutralization during web page generation, which could allow for Cross-Site Scripting XS...
PT-2026-1427
Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress versions through 10.3.1 Description The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is susceptible to unauthorized data loss. This...
PT-2026-1417
Name of the Vulnerable Software and Affected Versions Phlox theme for WordPress versions through 2.17.7 Description The Phlox theme for WordPress is susceptible to Stored Cross-Site Scripting through the data-caption HTML attribute. Insufficient input sanitization and output escaping allow...
PT-2026-1465
Name of the Vulnerable Software and Affected Versions e-plugins JobBank versions through 1.2.2 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Reflected Cross-Site Scripting XSS condition. This allows an attacker to...
PT-2026-1265
Name of the Vulnerable Software and Affected Versions Themify Shopo versions through 1.1.4 Description An unrestricted file upload issue exists in Themify Shopo, allowing the upload of a web shell to a web server. This allows for remote code execution. The vulnerability involves the upload of fil...
PT-2026-1188
Name of the Vulnerable Software and Affected Versions CRMEB versions up to 5.6.1 Description A flaw exists in CRMEB that could allow for remote code execution. The issue stems from a SQL injection vulnerability within the /adminapi/export/product list file. Specifically, manipulating the cate id...
PT-2026-1137
Name of the Vulnerable Software and Affected Versions Nuvation Energy Multi-Stack Controller MSC versions through 2.5.1 Description A weakness exists in the Nuvation Energy Multi-Stack Controller MSC that allows Signature Spoofing by Key Theft due to insufficiently protected credentials. This cou...
PT-2025-53913
Name of the Vulnerable Software and Affected Versions Mikado-Themes FiveStar versions through 1.7 Description An authorization bypass exists in Mikado-Themes FiveStar due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key...