EUVD-2026-36864

Subscriber Sensitive Data Exposure in XCloner = 4.8.6 versions...

EUVD-2026-35040

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...

GL.iNet多款产品 加密问题漏洞

GL.iNet MT3000 and other products are developed by GL.iNet Corporation. The GL.iNet MT3000 is a portable router that uses the Wi-Fi 6 protocol. The GL.iNet AX1800 is a wireless router. The GL.iNet A1300 is a Wi-Fi 5 travel router. Several of GL.iNet’s products have encryption vulnerabilities, whi...

CVE-2026-41687

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

CVE-2026-42758 WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 4.08.253...

CVE-2026-44260

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

Unity Linux 20.1060e / 20.1070e Security Update: screen (UTSA-2026-017641)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017641 advisory. encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service invalid write access and application crash or possibly have unspecified...

CVE-2021-47943 TextPattern CMS 4.8.7 Remote Code Execution via File Upload

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

RHCOS 4 : OpenShift Container Platform 4.8.15 (RHSA-2021:3820)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3820 advisory. - jenkins: improper permission checks allow canceling queue items and aborting builds CVE-2021-21670 - jenkins: session fixation...

CVE-2026-40797

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: from n/a through 4.08.253...

EUVD-2026-26398

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

CVE-2026-36764

A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36765

An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

WordPress plugin HM Books Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-33458

Name of the Vulnerable Software and Affected Versions lukevella rallly versions prior to 4.8.0 Description A flaw in the Reset Password Handler component within the file 'apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx' allows for remote cross site scripting. This...

CVE-2025-13364 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'putwpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on...

PT-2026-33273

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'put wpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping o...

CVE-2026-34531

Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...

DEBIAN-CVE-2026-34531

Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...

CVE-2026-34531

Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...