336 matches found
EUVD-2026-33853
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross-site scripting. Remote exploitation of the attack is possible. The exploit...
CVE-2026-10514
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross-site scripting. Remote exploitation of the attack is possible. The exploit...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Developer Tools - Source-to-Image 1.6.2
Red Hat OpenShift Developer Tools - Source-to-Image 1.6.2 release...
WordPress plugin Zohocorp Zoho Mail security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
Unity Linux 20.1060e / 20.1070e Security Update: apr (UTSA-2026-016610)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016610 advisory. When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime (APR) 1.6.2 and prior, out of bounds memory may be...
CVE-2026-1816
Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13...
EUVD-2026-31288
Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13...
CVE-2026-1815
TEİAŞ Mobile Application is affected by an Insufficient session expiration vulnerability (CVE-2026-1815) that enables session hijacking. Affected versions are 1.6.2 up to
PT-2026-42474
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...
PT-2026-42475
Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13...
TEİAŞ Mobile Application security vulnerability
TEİAŞ Mobile Application is a mobile application developed by the Turkish company TEİAŞ, which provides information and services related to power transmission operations. Versions of the TEİAŞ Mobile Application from 1.6.2 to 1.13 contained security vulnerabilities. These vulnerabilities were due...
CLEANSTART-2026-TC19665 Security fixes for ghsa-65p9-r9h6-22vj, ghsa-hfpc-8r3f-gw53, ghsa-vw5v-4f2q-w9xf applied in versions: 1.6.2-r1
Multiple security vulnerabilities affect the ntpd-rs package. These issues are resolved in later releases. See references for individual vulnerability details...
Important: Red Hat Security Advisory: Multicluster Global Hub 1.6.2 security update
Multicluster Global Hub v1.6.2 general availability release images, which provide security fixes, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
EUVD-2026-15760
Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection. This issue affects WooCommerce Infinite Scroll: from n/a through <= 1.6.2...
CVE-2026-27045 WordPress WooCommerce Infinite Scroll plugin <= 1.6.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection. This issue affects WooCommerce Infinite Scroll: from n/a through <= 1.6.2...
PT-2026-27965
Name of the Vulnerable Software and Affected Versions: WooCommerce Infinite Scroll versions through 1.6.2. Description: The software contains a flaw related to the deserialization of untrusted data, which can lead to object injection. Recommendations: Update WooCommerce Infinite Scroll to a version...
EUVD-2026-13714
A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version...
CVE-2026-22895
A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version...
CVE-2026-22895
QuFTP Service exposes an XSS vulnerability (CVE-2026-22895). The issue is triggered when an attacker with administrator access can exploit it to bypass security controls or read application data. Affected versions are QuFTP Service 1.4.3 and earlier, 1.5.1 and earlier according to the fixes, with...