PT-2026-47869

Name of the Vulnerable Software and Affected Versions Visual Studio Code affected versions not specified Description Improper input validation allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that...

SAP Business Objects Business Intelligence Platform 访问控制错误漏洞

SAP Business Objects Business Intelligence Platform is a set of business intelligence software and enterprise performance solutions provided by the German company SAP. This product includes features such as report generation, analysis, and data visualization. There is an access control...

Microsoft Windows 输入验证错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a vulnerability in input validation of Microsoft Windows. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected: Windows 11...

WordPress plugin WpMobi 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Microsoft Azure 输入验证错误漏洞

Microsoft Azure is an open enterprise-level cloud computing platform provided by Microsoft Corporation in the United States. The Microsoft Azure Attestation service and Device Health Attestation Service have vulnerabilities related to input validation. Attackers can exploit these vulnerabilities ...

SolarWinds Observability Self-Hosted 输入验证错误漏洞

SolarWinds Observability Self-Hosted is an observability platform developed by the American company SolarWinds. SolarWinds Observability Self-Hosted has a vulnerability related to input validation errors. This vulnerability arises when attackers can provide a specially crafted external URL,...

Adobe CAI Content Credentials 输入验证错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 have a...

WordPress plugin Helpfulcrowd Product Reviews 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-47748

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 14.0.0 through 14.3.3 Description Backend users with write access to the form definition database table can directly create, update, or delete form definition records using the DataHandler. This process bypasses the Form...

PT-2026-47721

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate...

PT-2026-47821

Name of the Vulnerable Software and Affected Versions NETGEAR devices affected versions not specified Description Insufficient input validation allows authenticated administrators connected to the local network to tamper with the router's integrity...

PT-2026-47857

Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description Insufficient input validation allows authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality...

Microsoft Windows 输入验证错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a vulnerability in input validation of Microsoft Windows. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windows 11...

Adobe Experience Manager 输入验证错误漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...

WordPress plugin WP Emoticon Rating 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Microsoft DWM Core Library 输入验证错误漏洞

The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There is a vulnerability in input validation of the Microsoft DWM Core Library. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected:...

PT-2026-47682

Name of the Vulnerable Software and Affected Versions WP Emoticon Rating versions prior to 1.0.2 Description The WP Emoticon Rating plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a type of attack where an unauthorized user tricks a victim into performing actions they did not...

PT-2026-48270

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 through 2025.8 Description Improper input validation allows a low-privileged attacker to bypass security measures and gain unauthorized read and write access. This issue does not require user interaction to be...

PT-2026-48315

🚨 CVE-2026-41706 Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the...

PT-2026-48342

Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...