CVE-2026-57647

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...

CVE-2026-57647

CVE-2026-57647 concerns the WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin, affected in versions

EUVD-2026-39762

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

CVE-2026-10745

CVE-2026-10745 affects upKeeper Solutions a.k.a. upKeeper Instant Privilege Access on Windows, vulnerable through version 1.6.1. Root cause: improper output neutralization in logs (log injection/tampering/forging). Reported impact per metrics indicates high risk for subsequent system confidential...

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

EUVD-2026-37802

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK installpackages...

Astra Linux – Vulnerability in apr-util

The integer overflow or wraparound vulnerability in the aprbase64 functions of Apache Portable Runtime Utility APR-util allows an attacker to write beyond the bounds of a buffer. This issue affects Apache Portable Runtime Utility APR-util version 1.6.1 and earlier...

CVE-2026-12530

Improper neutralization of argument delimiters in the installpackages method in AWS Bedrock AgentCore Python SDK versions = 1.1.3 and 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate thi...

CVE-2026-12530 Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Improper neutralization of argument delimiters in the installpackages method in AWS Bedrock AgentCore Python SDK versions = 1.1.3 and 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate thi...

EUVD-2026-37673

Unauthenticated PHP Object Injection in Zermatt = 1.6.1 versions...

CVE-2026-39545

Unauthenticated PHP Object Injection in Zermatt = 1.6.1 versions...

CVE-2026-39545

The CVE-2026-39545 entry affects the WordPress Zermatt theme (versions <= 1.6.1) and describes an unauthenticated PHP Object Injection vulnerability in Zermatt

PT-2026-50549

Name of the Vulnerable Software and Affected Versions AWS Bedrock AgentCore Python SDK versions 1.1.3 through 1.6.0 Description Improper neutralization of argument delimiters in the install packages method of the Code Interpreter client allows a remote authenticated user to execute arbitrary...

EUVD-2018-21903

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filtertypeid, filterpidid, and filtersearch parameters in POST reques...

Joomla! Responsive Portfolio SQL注入漏洞

Joomla! Responsive Portfolio is a Joomla! open source Joomla website portfolio extension. A SQL injection vulnerability exists in Joomla! Responsive Portfolio version 1.6.1, which stems from SQL injection of multiple filter parameters, which could lead to an authenticated attacker injecting...

WordPress plugin Contact Form Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Zermatt versions = 1.6.1...

smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines

Summary An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...

EUVD-2026-15633

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uixthemes Motta Addons motta-addons allows Reflected XSS.This issue affects Motta Addons: from n/a through 1.6.1...