PT-2026-45672

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

WordPress Simple Divi Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Divi Shortcode versions = 1.2...

CVE-2026-7474 Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +201 more potentially affected by CVE-2026-44201 via wagtail (>=1.0.0 <=7.0.0)

wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44201 Source advisory: OSV:PYSEC-2026-150...

WordPress Google PageRank Display plugin <= 1.4 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Google PageRank Display versions = 1.4...

CVE-2026-6785

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

CVE-2026-5252

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

CVE-2026-33532

Summary: CVE-2026-33532 affects the yaml JavaScript library. The vulnerability is in the compose/resolve phase of the parser, where a recursive call path without a depth bound can cause a RangeError: Maximum call stack size exceeded when parsing YAML input (typical payload ~2–10 KB). This can lea...

CVE-2025-10685

Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT Webserver modules allows overflow buffers.This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42...

OpenSource-WorkShop Connect-CMS 代码注入漏洞

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of OpenSource-WorkShop Connect-CMS prior to 1.41.0 and 2.41.0 contain a code injection vulnerability. This vulnerability stems from issues with the...

WordPress plugin myLinksDump SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

WordPress plugin Special Box for Content 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Thomas Sanzey in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.5...

CVE-2026-30790 RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-Force

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Peer authentication, API login modules, rustdesk-server RustDesk Server OSS...

WordPress plugin Verdure 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

DouPHP 代码问题漏洞

DouPHP is an enterprise website building system developed by DouPHP Company in China. Versions of DouPHP 1.9 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter sqlfilename in the file admin/file.php, which could lead to arbitrary fil...

PT-2026-6634

Name of the Vulnerable Software and Affected Versions Edimax BR-6258n versions up to 1.18 Description A flaw exists in the formStaDrvSetup function within the /goform/formStaDrvSetup file. Manipulation of the submit-url argument can lead to an open redirect. This issue can be exploited remotely...

WordPress Bitcoin Donate Button plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Bitcoin Donate Button versions = 1.0...

WordPress plugin: “Moderate Selected Posts” – Cross-Site Request Forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...