10 matches found
PT-2026-25503
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate license function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...
CVE-2026-2074
A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /xprogramcenter/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to XML external entity reference. It is possible to initiate the attack remotely. The exploit is...
PT-2026-6875
Name of the Vulnerable Software and Affected Versions: O2OA versions prior to 9.0.0. Description: A flaw exists in O2OA up to version 9.0.0 related to XML external entity reference. The issue is located within the HTTP POST Request Handler component, specifically in the file /x program...
PT-2025-51443
Name of the Vulnerable Software and Affected Versions: Stefano Lissa Newsletter versions through 9.0.9. Description: A flaw exists in Stefano Lissa Newsletter that allows for Blind SQL Injection due to Improper Neutralization of Special Elements used in an SQL Command. This issue could potentially...
CVE-2025-13780 Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
EUVD-2025-169296
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode...
EUVD-2025-33815
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-57942
Cross-Site Request Forgery (CSRF) vulnerability in andymoyle Emergency Password Reset emergency-password-reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through <= 9.3...
PT-2025-38309
Name of the Vulnerable Software and Affected Versions: ABB FLXEON versions through 9.3.5. Description: An improper input validation issue exists in ABB FLXEON, potentially leading to remote code execution. Recommendations: Update to a version later than 9.3.5...
CVE-2025-32149
CVE-2025-32149 affects the WordPress plugin teachPress (up to 9.0.11). The issue is an SQL injection caused by improper neutralization of input in the plugin, with exploitation requiring authentication (Contributor+). Current references indicate the patch status is Unpatched; no exploits or in-th...