11 matches found

Patchstack
added 2026/05/28 4:58 p.m. · 9 views

WordPress Simple Divi Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Divi Shortcode versions = 1.2...

6.4 CVSS · 5.8 AI score · 0.00197 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2026/04/08 7:20 p.m. · 1 views

CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

5.5 CVSS · 6 AI score · 0.00259 EPSS
Exploits: 0 · References: 1
CNNVD
added 2026/01/20 12:0 a.m. · 3 views

MineAdmin Access Control Vulnerability

MineAdmin is an open-source permission management system developed by MineAdmin. Versions 1.x and 2.x of MineAdmin contain access control vulnerabilities, which stem from improper handling of the Swagger component. These vulnerabilities could lead to information leaks...

7.5 CVSS · 6.1 AI score · 0.00685 EPSS
Exploits: 1 · References: 5
Vulnrichment
added 2025/11/24 8:29 p.m. · 3 views

CVE-2025-36150 IBM Concert Information Disclosure

IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

5.9 CVSS · 6.2 AI score · 0.00148 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/11/21 9:33 p.m. · 9 views

CVE-2025-36159

IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output...

6.2 CVSS · 5.3 AI score · 0.00099 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/11/21 12:0 a.m. · 2 views

IBM Concert Software Security Vulnerability

IBM Concert Software is an application lifecycle risk identification software from International Business Machines (IBM). A security vulnerability exists in IBM Concert Software versions 1.0.0 through 2.0.0 that originates from a remote attacker who can hijack a victim's click-through action...

6.3 CVSS · 5.4 AI score · 0.00148 EPSS
Exploits: 0 · References: 2
OSV
added 2025/11/20 10:15 p.m. · 4 views

CVE-2025-36160

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system...

7.5 CVSS · 6.2 AI score
Exploits: 0 · References: 1
EUVD
added 2025/11/20 3:26 p.m. · 3 views

EUVD-2025-198299

IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

5.9 CVSS · 5.9 AI score · 0.00185 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/10/29 3:18 p.m. · 3 views

CVE-2025-36085

IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4 CVSS · 6.7 AI score · 0.00146 EPSS
Exploits: 0 · References: 1
OSV
added 2017/07/17 9:29 p.m. · 1 views

CVE-2017-6736

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...

8.8 CVSS · 6.5 AI score · 0.70559 EPSS
Exploits: 8 · References: 7
Positive Technologies
added 2006/07/13 12:0 a.m. · 2 views

PT-2006-4418 · Invision · Invision Power Board

Name of the Vulnerable Software and Affected Versions: Invision Power Board versions 1.x through 2.x Description: Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands via various parameters in different actions in index.php and coins list.php. The...

7.5 CVSS · 8.9 AI score · 0.01069 EPSS
Exploits: 1 · References: 9