CVE-2026-7064

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published...

CVE-2026-5028

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

HireFlow 安全漏洞

HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a security vulnerability. This vulnerability stems from the lack of object-level authorization for the /candidate/ and /interview/ endpoints. As a...

EUVD-2026-23179

The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on multiple settings fields including 'User Mail...

CVE-2025-56015

In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint...

FUEL CMS 安全漏洞

FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.2 of FUEL CMS has a security vulnerability, which stems from an issue in the Blocks module where authenticated remote code execution is possible...

CVE-2026-32953 Tillitis: TKey Client has an Error in Protocol Implementation

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets USS to be silently ignored, producing the same Compound Device Identifier CDI—and thus the same key...

CVE-2017-20224

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executab...

CVE-2026-29771

Netmaker (WireGuard-based) prior to version 1.2.0 is affected: the /api/server/shutdown endpoint can terminate the Netmaker server process via syscall.SIGINT, enabling an attacker to repeatedly shut down the server and trigger cyclic denial of service with ~3-second restarts. This vulnerability i...

CVE-2026-30242

Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.isloopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses 10.x.x.x, 172.16.x.x...

CVE-2026-27326

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services | HVAC, Air...

Oracle Linux 9 : nginx:1.24 (ELSA-2026-3638)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-3638 advisory. - Resolves: RHEL-146526 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 - Resolves: RHEL-84480 -...

WordPress Wabi-Sabi theme <= 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wabi-Sabi versions = 1.2...

WordPress TopScorer - Sports WordPress Theme theme <= 1.2 - Local File Inclusion vulnerability

WordPress TopScorer - Sports WordPress Theme theme = 1.2 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme TopScorer - Sports WordPress Theme versions = 1.2...

CVE-2026-26063

CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version 1.2.3 allows attackers to bypass input validation in the transaction API. The issue has been fixed in version 1.2.3. If upgrading is not immediately possible, restrict API access to trusted networ...

CVE-2026-26994

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

CVE-2026-0912 Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions

The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trmansaveoption' function and on the 'trmansaveoptionitems' in all versions up to, and including, 1.2.7. This makes it possible...

CVE-2026-22225

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity,...

WordPress Newsletter Popup plugin <= 1.2 - Subscriber Deletion via CSRF vulnerability

Subscriber Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Newsletter Popup versions = 1.2...

CVE-2026-1391

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...