
21 matches found

EUVD
added yesterday · 5 views

EUVD-2026-40103

Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...

CVSS 7.1 · AI score 5.8
Exploits: 0 · References: 1
OSV
added 2026/04/01 10:07 a.m. · 3 views

CLEANSTART-2026-PM79547 Security fixes for CVE-2018-20969, CVE-2018-6952, CVE-2019-13636, CVE-2019-13638, CVE-2019-20633 applied in versions: 2.7.6-r2, 2.7.6-r4, 2.7.6-r5, 2.7.6-r6, 2.7.6-r7

Multiple security vulnerabilities affect the patch package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.3 · AI score 6.2 · EPSS 0.08411
Exploits: 2 · References: 11
Positive Technologies
added 2026/03/27 12:00 a.m. · 5 views

PT-2026-28707

Name of the Vulnerable Software and Affected Versions: Open5GS version 2.7.6 Description: A security flaw exists in Open5GS 2.7.6, specifically within the CCA Message Handler component and the smf gx cca cb/smf gy cca cb/smf s6b function. This manipulation can lead to a denial of service. The attac...

CVSS 6.3 · AI score 5.6 · EPSS 0.00566
Exploits: 1 · References: 8
Cvelist
added 2026/03/02 11:22 p.m. · 21 views

CVE-2026-1336 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the storedata and getchatgptapikey functions in all versions up to, and including, 2.7.5. This makes it possible for...

CVSS 5.3 · EPSS 0.00319
Exploits: 0 · References: 3
ATTACKERKB
added 2026/02/15 11:32 p.m. · 4 views

CVE-2026-2522

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be...

CVSS 6.9 · AI score 5 · EPSS 0.00548
Exploits: 1 · References: 6
EUVD
added 2026/02/02 12:32 a.m. · 10 views

EUVD-2026-5115

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwcs11handlecreateindirectdataforwardingtunnelrequest of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The...

CVSS 6.9 · AI score 5 · EPSS 0.00609
Exploits: 1 · References: 7
Patchstack
added 2026/01/15 11:21 p.m. · 8 views

WordPress Related Posts by Taxonomy plugin <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Related Posts by Taxonomy versions = 2.7.6...

CVSS 6.4 · AI score 5.8 · EPSS 0.00232
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/11/18 11:00 a.m. · 8 views

CVE-2025-11427 WP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery

The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via the wpmdbflush AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVSS 5.8 · EPSS 0.00404
Exploits: 0 · References: 4
CNNVD
added 2025/11/18 12:00 a.m. · 3 views

WordPress plugin WP Migrate Lite – WordPress Migration Made Easy code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin WP...

CVSS 5.8 · AI score 6.7 · EPSS 0.00404
Exploits: 0 · References: 4
OSV
added 2025/07/29 5:15 a.m. · 4 views

UBUNTU-CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

CVSS 9.1 · AI score 6 · EPSS 0.00391
Exploits: 0 · References: 2
Patchstack
added 2025/07/15 5:44 a.m. · 6 views

WordPress Store Exporter plugin <= 2.7.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Store Exporter versions = 2.7.6...

CVSS 7.5 · AI score 7 · EPSS 0.0037
Exploits: 0 · Affected Software: 1
Patchstack
added 2025/01/07 10:03 p.m. · 6 views

WordPress Content Blocks Builder plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Caesar Evan Santoso Patchstack Alliance in WordPress Plugin Content Blocks Builder versions = 2.7.6...

CVSS 6.5 · AI score 6.1 · EPSS 0.00202
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2024/12/13 12:00 a.m. · 6 views

PT-2024-17243 · WordPress · Newsmanapp

Name of the Vulnerable Software and Affected Versions: NewsmanApp plugin for WordPress versions up to, and including, 2.7.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'newsman subscribe widget' shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 6.2 · EPSS 0.00338
Exploits: 0 · References: 9
Patchstack
added 2024/11/21 10:30 p.m. · 3 views

WordPress Tutor LMS plugin <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration vulnerability

User Registration Setting Bypass to Unauthorized User Registration vulnerability discovered by 1337Wannabe in WordPress Plugin Tutor LMS versions = 2.7.6...

CVSS 5.3 · AI score 7 · EPSS 0.00563
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/11/21 12:00 a.m. · 3 views

WordPress plugin Tutor LMS SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 7.5 · AI score 8.5 · EPSS 0.82589
Exploits: 0 · References: 1
vulnersOsv
added 2023/07/16 6:30 p.m. · 3 views

asdlkj (=1.0.0), base-amap2 (>=0.0.0 <=3.0.0) +10 more potentially affected by CVE-2023-3691 via layui (>=0.0.1 <=2.7.6)

layui NPM version =0.0.1, =0.0.0, =0.1.1, =0.0.0, =1.0.2, =1.0.0, =0.0.8, =1.0.0-furuike-test, =3.1.76 - vporimprot =1.0.0 Source cves: CVE-2023-3691 Source advisory: OSV:GHSA-HX4H-676R-J3QP...

CVSS 6.1 · AI score 5.5 · EPSS 0.0048
Exploits: 1
RedHat Linux
added 2019/12/03 11:04 a.m. · 3 views

patch: do_ed_script in pch.c does not block strings beginning with a ! character

A flaw was found in GNU patch through version 2.7.6. Strings beginning with an exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...

CVSS 9.3 · AI score 5.7 · EPSS 0.02706
Exploits: 1 · References: 5
RedHat Linux
added 2019/08/06 12:40 p.m. · 4 views

rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can...

CVSS 5.3 · AI score 7.2 · EPSS 0.03825
Exploits: 0 · References: 5
RedHat Linux
added 2018/11/29 10:23 a.m. · 5 views

rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can...

CVSS 7.5 · AI score 7.3 · EPSS 0.04809
Exploits: 0 · References: 5
RedHat Linux
added 2018/11/29 10:23 a.m. · 3 views

rubygems: Improper verification of signatures in tarball allows to install mis-signed gem

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in...

CVSS 9.8 · AI score 7.3 · EPSS 0.03037
Exploits: 0 · References: 5