
34 matches found

NVD · added yesterday · 5 views

CVE-2026-48166

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...

CVSS 5.3 · EPSS 0.00037
Exploits: 0 · References: 1

CNNVD · added 2026/04/02 12:0 a.m. · 4 views

WordPress plugin Webmention code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 7.2 · AI score 6 · EPSS 0.00302
Exploits: 0 · References: 5

NVD · added 2026/03/25 5:16 p.m. · 2 views

CVE-2026-25306

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS. This issue affects XStore Core: from n/a through = 5.6.4...

CVSS 7.1 · EPSS 0.00184
Exploits: 0 · References: 1

RedhatCVE · added 2026/03/09 1:59 p.m. · 3 views

CVE-2026-29784

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...

CVSS 8.8 · AI score 5.7 · EPSS 0.00157
Exploits: 0 · References: 1

CNNVD · added 2026/02/26 12:0 a.m. · 5 views

Digital Arts FinalCode Client security vulnerability

Digital Arts FinalCode Client is an enterprise-level information rights management client software developed by Digital Arts Inc. The Digital Arts FinalCode Client Ver.5 series and Ver.6 series contain security vulnerabilities. These vulnerabilities stem from incorrect default permissions, which...

CVSS 8.5 · AI score 7.3 · EPSS 0.0012
Exploits: 0 · References: 2

NVD · added 2026/01/27 9:15 p.m. · 5 views

CVE-2025-21589

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

CVSS 9.8 · EPSS 0.01434
Exploits: 0 · References: 3

CNNVD · added 2024/12/05 12:0 a.m. · 2 views

WordPress plugin FAT Services Booking SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 9.3 · AI score 8.8 · EPSS 0.00415
Exploits: 0 · References: 1

CNNVD · added 2024/10/22 12:0 a.m. · 2 views

Trend Micro Cloud Edge command injection vulnerability

Trend Micro Cloud Edge is a cloud security solution from Trend Micro designed to protect an organization's cloud infrastructure, applications and data. A security vulnerability exists in Trend Micro Cloud Edge versions 5.6SP2 and 7.0 that stems from the presence of a command injection vulnerabili...

CVSS 9.8 · AI score 8.2 · EPSS 0.0246
Exploits: 0 · References: 4

CNNVD · added 2024/06/12 12:0 a.m. · 2 views

WordPress plugin ProfileGrid security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

CVSS 6.3 · AI score 6.8 · EPSS 0.00296
Exploits: 0 · References: 2

Positive Technologies · added 2023/04/12 12:0 a.m. · 8 views

PT-2023-21579 · WordPress · Woocommerce Payments

Name of the Vulnerable Software and Affected Versions: WooCommerce Payments plugin for WordPress versions 5.6.1 and lower. Description: An issue in the WooCommerce Payments plugin for WordPress allows an unauthenticated attacker to send requests on behalf of an elevated user, such as an...

CVSS 9.8 · AI score 9.8 · EPSS 0.86919
Exploits: 9 · References: 15

SUSE CVE · added 2023/02/15 5:27 a.m. · 3 views

SUSE CVE-2014-6463

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML...

CVSS 3.3 · AI score 5.9 · EPSS 0.02815
Exploits: 0 · References: 6

SUSE CVE · added 2023/02/15 4:52 a.m. · 2 views

SUSE CVE-2017-3257

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.6.34 and earlier, 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 6.5 · AI score 8 · EPSS 0.02591
Exploits: 0 · References: 15

Positive Technologies · added 2022/11/18 12:0 a.m. · 3 views

PT-2022-26080 · WordPress · Booster For Woocommerce

Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce plugin versions = 5.6.6. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...

CVSS 5.4 · AI score 4.6 · EPSS 0.00231
Exploits: 0 · References: 4

CNNVD · added 2021/05/19 12:0 a.m. · 3 views

Couchbase Server security vulnerability

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta, which stems from a fault...

CVSS 7.5 · AI score 7.3 · EPSS 0.00638
Exploits: 0 · References: 2

RedHat Linux · added 2020/12/22 10:49 a.m. · 3 views

mysql: C API unspecified vulnerability (CPU Jan 2020)

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

CVSS 5.9 · AI score 6.8 · EPSS 0.03485
Exploits: 0 · References: 5

RedHat Linux · added 2020/09/14 12:58 p.m. · 2 views

mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Memcached. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols t...

CVSS 5.9 · AI score 7.3 · EPSS 0.03191
Exploits: 0 · References: 5

RedHat Linux · added 2020/09/14 12:58 p.m. · 3 views

mysql: C API unspecified vulnerability (CPU Jan 2020)

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

CVSS 5.9 · AI score 6.8 · EPSS 0.03485
Exploits: 0 · References: 5

CNVD · added 2020/03/10 12:0 a.m. · 1 view

HCL Connections Cross-Site Scripting Vulnerability (CNVD-2020-16627)

HCL Connections is social networking software designed for the workplace to help you build dynamic networks that connect you to the people and information you need to achieve your business goals. A cross-site scripting vulnerability exists in HCL Connections 5.5, 6.0, and 6.5. An attacker can...

CVSS 5.4 · AI score 6.1 · EPSS 0.00521
Exploits: 0 · References: 1

Positive Technologies · added 2019/10/15 12:0 a.m. · 8 views

PT-2019-3725 · Mysql Server +1 · Mysql Server +1

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.6.45 and prior; MySQL Server versions 5.7.27 and prior. Description: The issue is related to a lack of protection for service data in the MySQL Server product, specifically in the Server: Security: Encryption component...

CVSS 6.5 · AI score 5.1 · EPSS 0.03829
Exploits: 0 · References: 100

CNVD · added 2019/03/15 12:0 a.m. · 3 views

IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2019-07325)

IBM Rational Quality Manager is the collaborative center for business-driven software and system quality across virtually any platform and any type of test. The software helps teams seamlessly share information, use automation to accelerate projects, and report metrics for targeted release...

CVSS 5.4 · AI score 6.2 · EPSS 0.00987
Exploits: 0 · References: 1