CVE-2026-22330 WordPress Right Way theme <= 4.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Right Way = 4.0 versions...

CVE-2025-14773

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

CVE-2025-14774

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

CVE-2025-14772 Broken Access Control in ABB T-MAC Plus web application

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

CVE-2025-14772 Broken Access Control in ABB T-MAC Plus web application

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

ABB T-MAC Plus 跨站脚本漏洞

ABB T-MAC Plus is a shipboard equipment status monitoring and predictive maintenance management system developed by the Swiss company ABB. Version 4.0-24 of ABB T-MAC Plus contains a cross-site scripting vulnerability, which stems from improper input handling and may lead to cross-site scripting...

Apache Syncope 安全漏洞

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0 through...

Astra Linux - уязвимость в tiff

A null source pointer passed as an argument to the memcopy function within TIFFReadDirectory in tifdirread.c in libtiff versions from 4.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, a fix is available in the commit...

CVE-2026-8220 Devs Palace ERP Online customer-save cross site scripting

A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted ear...

Moodle 跨站脚本漏洞

Moodle is an open-source e-learning software platform developed by Moodle, also known as a course management system, learning management system, or virtual learning environment. Version 4.0 of Moodle has a cross-site scripting vulnerability. This vulnerability stems from the search parameters...

@builder-builder/builder (>=0.0.7 <=0.0.26), @carrierllc/mcp (>=0.2.0 <=0.2.16) +76 more potentially affected by CVE-2026-42349 via @clerk/shared (>=4.0.0 <=4.8.3-snapshot.v20260421194054)

@clerk/shared NPM version =4.0.0, =0.0.7, =0.2.0, =0.2.5-canary-core3.v20251124105058, =3.0.0, =3.0.0, =3.0.0, =5.68.0-snapshot.v20250528192432, =3.0.0, =1.0.0, =2.0.0, =2.6.5-canary-core3.v20251124105058, =0.0.2, =4.0.0, =7.0.0, =2.0.0, =2.5.3-canary.v20260529204536 and more Source cves:...

CVE-2026-41499

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parseunamestring remotedop.c. This function processes OS identification data from agents and...

CVE-2026-30769

An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests...

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in axios

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in axios. CVE-2026-25639 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions...

CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

CVE-2026-22731

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...

Cohesity TranZman 安全漏洞

Cohesity TranZman is a data migration and recovery software developed by Cohesity Corporation. Version 4.0 Build 14614 of Cohesity TranZman contains a security vulnerability. This vulnerability stems from the use of weak encryption algorithms for data encryption, which may allow attackers to easi...

Cohesity TranZman 安全漏洞

Cohesity TranZman is a data migration and recovery software developed by Cohesity Corporation. Version 4.0 Build 14614 of Cohesity TranZman contains a security vulnerability, which stems from an authenticated command injection attack...

CVE-2026-23794

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...

Important Photon OS Security Update - PHSA-2026-4.0-0955

Updates of 'squid' packages of Photon OS have been released...