CVE-2026-1756

The CVE-2026-1756 entry concerns the WordPress WP FOFT Loader plugin. Affected versions up to and including 2.1.39 allow arbitrary file uploads due to incorrect validation in WP_FOFT_Loader_Mimes::file_and_ext, enabling authenticated users with Author-level access or higher to upload arbitrary fi...

WordPress plugin WP FOFT Loader 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Exploit for OS Command Injection in Gnu Mailman

CVE-2025-43920: Command Injection via Email Subject in GNU Mai...

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

PT-2025-17399 · Unknown · Gnu Mailman

Name of the Vulnerable Software and Affected Versions: GNU Mailman version 2.1.39 Description: GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the "/mailman/create" endpoint. Recommendations: For GNU Mailman version 2.1.39, consider disabling...

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass. A vulnerability exist in ASP.NET Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords. Remediation Upgrade...