8731 matches found
WordPress plugin Business Template Blocks for WPBakery (Visual Composer) Page Builder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
PT-2026-21061
Name of the Vulnerable Software and Affected Versions Atarim versions through 4.2.1 Description A missing authorization issue exists in Vito Peleg Atarim atarim-visual-collaboration, allowing exploitation of incorrectly configured access control security levels. Recommendations At the moment, the...
PT-2026-21104
Name of the Vulnerable Software and Affected Versions Widget Logic Visual versions through 1.52 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, potentially leading to Reflected Cross-site Scripting XSS. This means an attacker...
CVE-2026-2668
A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The...
CVE-2026-2669 Rongzhitong Visual Integrated Command and Dispatch Platform User delete access control
A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component User Handler. This manipulation of the argument ID causes improper access controls. Remote...
CVE-2026-2669 Rongzhitong Visual Integrated Command and Dispatch Platform User delete access control
A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component User Handler. This manipulation of the argument ID causes improper access controls. Remote...
CVE-2026-2669
Rongzhitong Visual Integrated Command and Dispatch Platform is identified as vulnerable in CVE-2026-2669. The affected component is the User Handler, specifically the file path /dm/dispatch/user/delete. The root cause is improper access controls caused by manipulating the argument ID, enabling re...
CVE-2026-2668 Rongzhitong Visual Integrated Command and Dispatch Platform User add access control
A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The...
CVE-2026-2667 Rongzhitong Visual Integrated Command and Dispatch Platform api access control
A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit h...
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code VS Code extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively...
Rongzhitong Visual Integrated Command and Dispatch Platform 访问控制错误漏洞
Rongzhitong Visual Integrated Command and Dispatch Platform is an integrated command system for emergency management and public safety developed by Rongzhitong Corporation. The Rongzhitong Visual Integrated Command and Dispatch Platform versions 20260206 and earlier contained a access control...
Rongzhitong Visual Integrated Command and Dispatch Platform 访问控制错误漏洞
Rongzhitong Visual Integrated Command and Dispatch Platform is an integrated command system for emergency management and public safety developed by Rongzhitong Corporation. The Rongzhitong Visual Integrated Command and Dispatch Platform versions 20260206 and earlier contained a access control...
PT-2026-20496
A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit h...
PT-2026-20497
Name of the Vulnerable Software and Affected Versions Rongzhitong Visual Integrated Command and Dispatch Platform versions prior to 20260207 Description A flaw exists in Rongzhitong Visual Integrated Command and Dispatch Platform that allows for improper access controls. The issue is related to a...
📄 SAP NetWeaver 7.50 Visual Composer Metadata Shell Upload
SAP NetWeaver Visual Composer contains an unauthenticated file upload vulnerability in the metadata uploader component that allows attackers to upload arbitrary files including JSP web shells and WAR applications, leading to remote code execution on the SAP server. The vulnerability exists in the...
CVE-2025-65715
An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...
CVE-2025-65716
An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...
CVE-2025-65717
An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...
CVE-2025-65717
An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...
CVE-2025-65715
An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...