Security Bulletin: Operator for IBM DataPower Gateway vulnerable to Denial of Service

Summary This vulnerability can allow an invalid DNS response to cause an operator crash. Vulnerability Details CVEID:CVE-2026-25518 DESCRIPTION: cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and...

EUVD-2026-13003

PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses...

PT-2026-26154

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the cram decode compression header was missing. If the function return...

PT-2026-5472

Name of the Vulnerable Software and Affected Versions Simple Startup Manager version 1.17 Description Simple Startup Manager version 1.17 contains a local buffer overflow that allows attackers to execute arbitrary code. The issue occurs due to overwriting memory through the 'File' input parameter...

CVE-2025-60049

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Soleil soleil allows PHP Local File Inclusion.This issue affects Soleil: from n/a through = 1.17...

EUVD-2025-204168

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Stallion stallion allows PHP Local File Inclusion.This issue affects Stallion: from n/a through = 1.17...

CVE-2025-58927

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Stallion stallion allows PHP Local File Inclusion.This issue affects Stallion: from n/a through = 1.17...

CVE-2025-60049 WordPress Soleil theme <= 1.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Soleil soleil allows PHP Local File Inclusion.This issue affects Soleil: from n/a through = 1.17...

EUVD-2025-204147

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion.This issue affects Spock: from n/a through = 1.17...

CVE-2025-58949 WordPress Spock theme <= 1.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion.This issue affects Spock: from n/a through = 1.17...

CVE-2025-58927

CVE-2025-58927 describes an improper filename control in the WordPress Stallion theme (versions &lt;= 1.17) that enables PHP Local File Inclusion via an improper Include/Require filename handling (a PHP Remote File Inclusion class issue). Affected product: Stallion theme for WordPress. Root cause...

CVE-2025-58923 WordPress Critique theme <= 1.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Critique critique allows PHP Local File Inclusion.This issue affects Critique: from n/a through = 1.17...

PT-2025-52099

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion.This issue affects Spock: from n/a through = 1.17...

WordPress plugin Spock 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-52110

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Soleil soleil allows PHP Local File Inclusion.This issue affects Soleil: from n/a through = 1.17...

CVE-2025-66953

CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /systemsetup.htm, /setclock.htm, /receiversetup.htm, /cal.htm?..., and /channelsetup.htm endpoints...

EUVD-2021-28780

Malicious code in bioql PyPI...

CVE-2025-58691

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Russell Jamieson Genesis Club Lite genesis-club-lite allows Stored XSS.This issue affects Genesis Club Lite: from n/a through = 1.17...

CVE-2025-58691 WordPress Genesis Club Lite Plugin <= 1.17 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Russell Jamieson Genesis Club Lite genesis-club-lite allows Stored XSS.This issue affects Genesis Club Lite: from n/a through = 1.17...

PT-2025-38979

Name of the Vulnerable Software and Affected Versions Russell Jamieson Genesis Club Lite versions through 1.17 Description A flaw exists in Russell Jamieson Genesis Club Lite that allows for Stored Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page...