CVE-2026-56023

The CVE concerns the WordPress plugin “UPI QR Code Payment Gateway for WooCommerce” (versions ≤ 1.6.2). The root cause is Broken Access Control, allowing unauthorized access with low privileges over a network. Metrics indicate a CVSS v3.1 base score of 5.4 (Medium) with Privileges Required: Low, ...

WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ParkHyunWoo in WordPress Plugin UPI QR Code Payment Gateway for WooCommerce versions = 1.6.2...

EUVD-2026-33853

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

FIT2CLOUD CordysCRM 代码注入漏洞

FIT2CLOUD CordysCRM is a customer relationship management system developed by FIT2CLOUD Corporation. Versions of FIT2CLOUD CordysCRM 1.6.2 and earlier contain a code injection vulnerability. This vulnerability stems from an unknown function in the file...

CVE-2026-10514

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Developer Tools - Source-to-Image 1.6.2

Red Hat OpenShift Developer Tools - Source-to-Image 1.6.2 Red Hat OpenShift Developer Tools - Source-to-Image 1.6.2 release...

WordPress plugin Zohocorp Zoho Mail 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Unity Linux 20.1060e / 20.1070e Security Update: apr (UTSA-2026-016610)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016610 advisory. When aprtimeexp or aprosexptime functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be...

EUVD-2026-31288

Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13...

CVE-2026-1816

Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13...

CVE-2026-1815

TEİAŞ Mobile Application is affected by an Insufficient session expiration vulnerability (CVE-2026-1815) that enables session hijacking. Affected versions are 1.6.2 up to

PT-2026-42475

Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13...

TEİAŞ Mobile Application 安全漏洞

TEİAŞ Mobile Application is a mobile application developed by the Turkish company TEİAŞ, which provides information and services related to power transmission operations. Versions of the TEİAŞ Mobile Application from 1.6.2 to 1.13 contained security vulnerabilities. These vulnerabilities were due...

PT-2026-42474

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

CLEANSTART-2026-TC19665 Security fixes for ghsa-65p9-r9h6-22vj, ghsa-hfpc-8r3f-gw53, ghsa-vw5v-4f2q-w9xf applied in versions: 1.6.2-r1

Multiple security vulnerabilities affect the ntpd-rs package. These issues are resolved in later releases. See references for individual vulnerability details...

Important: Red Hat Security Advisory: Multicluster Global Hub 1.6.2 security update

Multicluster Global Hub v1.6.2 general availability release images, which provide security fixes, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

EUVD-2026-15760

Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This issue affects WooCommerce Infinite Scroll: from n/a through = 1.6.2...

CVE-2026-27045 WordPress WooCommerce Infinite Scroll plugin <= 1.6.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This issue affects WooCommerce Infinite Scroll: from n/a through = 1.6.2...

PT-2026-27965

Name of the Vulnerable Software and Affected Versions WooCommerce Infinite Scroll versions through 1.6.2 Description The software contains a flaw related to the deserialization of untrusted data, which can lead to object injection. Recommendations Update WooCommerce Infinite Scroll to a version...

EUVD-2026-13714

A cross-site scripting XSS vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version...