CVE-2025-57282

ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection...

PT-2026-41678

ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection...

EUVD-2025-209888

ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection...

CVE-2026-6644

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied...

CVE-2026-39671

Cross-Site Request Forgery CSRF vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through = 4.3.3...

EUVD-2026-20162

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through = 4.3.3...

CVE-2026-39496

CVE-2026-39496 is a SQL Injection vulnerability in the WordPress plugin YayMail (YayCommerce) "yaymail" affecting versions from n/a up to and including 4.3.3. The root cause is improper neutralization of special elements used in SQL commands, leading to Blind SQL Injection. The connected records ...

CVE-2026-39496

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through = 4.3.3...

WordPress plugin YayMail SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-31129

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through = 4.3.3...

EUVD-2026-11995

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...

CVE-2026-32448

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...

PT-2026-25292

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...

PT-2026-25315

CVE-2026-225757: GetGenie WP plugin IDOR flaw all ≤4.3.2 lets unauth users access/modify/delete arbitrary objects via ID manipulation. Update to 4.3.3 now—check for leaked data. CyberSec WordPress IDOR https://t.co/HVW0fbWe9M...

CVE-2026-27745

The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...

WordPress plugin BetterDocs 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information...

CVE-2019-12437

In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,...

CVE-2019-12204

In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access...

CVE-2025-13053 A missing encryption of sensitive data vulnerability was found in the UPS settings of ADM

When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle MITM attack, which may obtain the sensitive information of th...

EUVD-2019-0754

Malware in sbrugna...