229 matches found
CVE-2026-2933
A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. T...
CVE-2026-2932
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...
CVE-2026-2932
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...
CVE-2026-2934
YiFang CMS (up to 2.0.5) is affected in the Extended Management Module by a vulnerability in the update function of file app/db/admin/D_friendLinkGroup.php. The issue arises from manipulation of the Name parameter, enabling cross site scripting (XSS). Attacks can be initiated remotely, and public...
CVE-2026-2933 YiFang CMS Extended Management D_adManage.php update cross site scripting
A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. T...
CVE-2026-2933
A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. T...
CVE-2026-2932
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...
CVE-2026-2932 YiFang CMS Extended Management D_adPosition.php update cross site scripting
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...
PT-2026-21420
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...
WordPress plugin WP Quick Contact Us cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-1447
The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the createorupdatenote function. This makes it possible for unauthenticated attackers to create or update contact notes via a...
CVE-2025-70985
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...
CVE-2025-70985
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...
Ruoyi security vulnerabilities
Ruoyi is a backend management system developed by Ruoyi’s individual developer. The Ruoyi v4.8.2 version has a security vulnerability, which stems from improper access control in the update function. This vulnerability could allow unauthorized attackers to modify data beyond its intended scope...
CVE-2025-70985
CVE-2025-70985 affects RuoYi v4.8.2 and is due to incorrect access control in the update function, enabling unauthorized users to modify data outside their scope. Multiple sources (NVD, Red Hat, CIRCL, OSV, CVE listing) confirm the issue and its impact as data alteration with high severity (CRITI...
CVE-2025-70985
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...
PT-2026-4523
Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description An access control issue exists in the update function of the software. This allows unauthorized modification of data beyond the intended scope. Recommendations Update to a newer version that contains a fix for...
CVE-2025-70985
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...
CVE-2025-70985
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001910)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001910 advisory. The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a deni...