
148 matches found

CNNVD
added 2026/04/11 12:0 a.m., 1 view

WordPress plugin BuddyPress Groupblog security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 8.8, AI score 5.8, EPSS 0.00027
Exploits: 0, References: 9

EUVD
added 2026/04/10 12:31 p.m., 0 views

EUVD-2026-21358

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution...

CVSS 9.8, AI score 6.1, EPSS 0.00159
Exploits: 0, References: 3

Vulnrichment
added 2026/04/10 9:16 a.m., 2 views

CVE-2026-6057 Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution...

AI score 6.1, EPSS 0.00159
Exploits: 0, References: 2

Positive Technologies
added 2026/03/13 12:0 a.m., 4 views

PT-2026-25290

CVE-2026-32446 Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form by WPF... https://t.co/Jm5HpGMTQ9...

CVSS 4.3, AI score 5.8, EPSS 0.00037
Exploits: 0, References: 3

SUSE CVE
added 2026/02/24 12:24 a.m., 1 view

SUSE CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVSS 5.3, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 4

RedhatCVE
added 2026/02/22 1:28 a.m., 2 views

CVE-2026-27112

Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in...

CVSS 9.9, AI score 6.7, EPSS 0.00275
Exploits: 0, References: 1

OSV
added 2026/02/20 9:17 p.m., 3 views

CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVSS 5.3, AI score 5.6, EPSS 0.00034
Exploits: 0, References: 4

Cvelist
added 2026/02/20 9:17 p.m., 22 views

CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVSS 5.3, EPSS 0.00034
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/20 3:46 p.m., 2 views

CVE-2025-68005

Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Hotel Booking: from n/a through = 1.9.3...

CVSS 6.5, AI score 5.1, EPSS 0.00015
Exploits: 0, References: 2

Positive Technologies
added 2026/02/19 12:0 a.m., 4 views

PT-2026-21302

Name of the Vulnerable Software and Affected Versions Kargo versions 1.9.0 through 1.9.2 Description Kargo manages and automates the promotion of software artifacts. The authorization model includes a 'promote' verb intended to control access to promotion pipelines. While correctly enforced in th...

CVSS 9.9, AI score 5.2, EPSS 0.15051
Exploits: 44, References: 115

Vulnrichment
added 2026/01/24 8:26 a.m., 4 views

CVE-2025-14630 AdminQuickbar <= 1.9.3 - Cross-Site Request Forgery to Settings Update

The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...

CVSS 4.3, AI score 5.8, EPSS 0.0001
Exploits: 0, References: 5

OSV
added 2025/12/22 10:16 p.m., 1 view

CVE-2023-53969

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...

CVSS 9.3, AI score 5.8, EPSS 0.00255
Exploits: 2, References: 5

CNNVD
added 2025/12/22 12:0 a.m., 1 view

DB Elettronica Screen SFT DAB 600/C access control error vulnerability

The DB Elettronica Screen SFT DAB 600/C is a digital audio broadcast transmitter from DB Elettronica, Italy. An access control error vulnerability exists in the DB Elettronica Screen SFT DAB 600/C version 1.9.3, which stems from the fact that improper session management could result in a password...

CVSS 9.3, AI score 6.9, EPSS 0.00255
Exploits: 2, References: 5

CNNVD
added 2025/12/22 12:0 a.m., 1 view

DB Elettronica Screen SFT DAB 600/C access control error vulnerability

The DB Elettronica Screen SFT DAB 600/C is a digital audio broadcast transmitter from DB Elettronica, Italy. An access control error vulnerability exists in DB Elettronica Screen SFT DAB 600/C version 1.9.3, which stems from an authentication bypass that could result in an administrator password...

CVSS 9.3, AI score 7.1, EPSS 0.00255
Exploits: 2, References: 5

CNNVD
added 2025/12/22 12:0 a.m., 1 view

DB Elettronica Screen SFT DAB 600/C access control error vulnerability

The DB Elettronica Screen SFT DAB 600/C is a digital audio broadcast transmitter from DB Elettronica, Italy. An access control error vulnerability exists in the DB Elettronica Screen SFT DAB 600/C version 1.9.3, which stems from the fact that improper session management could lead to authenticati...

CVSS 9.8, AI score 6.8, EPSS 0.00365
Exploits: 2, References: 5

Positive Technologies
added 2025/12/22 12:0 a.m., 1 view

PT-2025-52706

Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C version 1.9.3 Description The software contains a session management issue that allows attackers to bypass authentication controls. This is achieved by exploiting improper IP address session binding. Attackers can reuse th...

CVSS 9.3, AI score 6.8, EPSS 0.00255
Exploits: 2, References: 9

Vulnrichment
added 2025/12/10 9:6 p.m., 1 view

CVE-2023-53741 Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management

Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without...

CVSS 5.1, AI score 6.7, EPSS 0.00253
Exploits: 1, References: 6

CNNVD
added 2025/12/10 12:0 a.m., 2 views

DB Elettronica Screen SFT DAB authorization issue vulnerability

DB Elettronica Screen SFT DAB is a series of digital audio broadcast transmitters from DB Elettronica, Italy. An authorization issue vulnerability exists in DB Elettronica Screen SFT DAB version 1.9.3, which stems from a flaw in session management that could lead to password changes...

CVSS 7.1, AI score 6.8, EPSS 0.00154
Exploits: 1, References: 6

CNNVD
added 2025/12/10 12:0 a.m., 2 views

DB Elettronica Screen SFT DAB security vulnerability

DB Elettronica Screen SFT DAB is a series of digital audio broadcast transmitters from DB Elettronica, Italy. A security vulnerability exists in DB Elettronica Screen SFT DAB version 1.9.3, which originates from an authentication bypass in the userManager.cgx endpoint, which could lead to passwor...

CVSS 9.8, AI score 7, EPSS 0.00439
Exploits: 1, References: 6

OSV
added 2025/12/04 9:31 p.m., 2 views

GHSA-4F99-4Q7P-P3GH Logrus is vulnerable to DoS when using Entry.Writer()

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

CVSS 8.7, AI score 6.6, EPSS 0.00055
Exploits: 1, References: 11