87 matches found

Nuclei
added yesterday · 31 views

WP-Recall – Plugin <= 16.26.10 - Unauthenticated SQL Injection

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

9.8 CVSS · 7.3 AI score · 0.2862 EPSS
Exploits 1 · References 2
EUVD
added last week · 6 views

EUVD-2026-33047

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

9.9 CVSS · 5.8 AI score · 0.00091 EPSS
Exploits 0 · References 1
CVE
added 2026/05/21 9:14 p.m. · 7 views

CVE-2026-8245

Concrete CMS 9.5.0 and earlier is vulnerable to a Reflected XSS in Legacy Pagination. The flaw occurs because Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating the $URL field into href, allowing an attacker to craft a URL that injects HTML into the link tag. An authenti...

6 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2026/05/06 2:42 p.m. · 1 views

BIT-JAVA-MIN-2021-2388

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated...

7.5 CVSS · 6.8 AI score · 0.00805 EPSS
Exploits 0 · References 7
Positive Technologies
added 2026/04/21 12:0 a.m. · 1 views

PT-2026-34113

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager...

5.9 CVSS · 5.7 AI score · 0.00054 EPSS
Exploits 0 · References 3
Positive Technologies
added 2026/04/06 12:0 a.m. · 1 views

PT-2026-30607

Name of the Vulnerable Software and Affected Versions: Tenda CX12L version 16.03.53.12. Description: A flaw exists in the fromNatStaticSetting function within the /goform/NatStaticSetting file of the Tenda CX12L. Manipulation of the page argument can trigger a stack-based buffer overflow, potentiall...

9 CVSS · 7.5 AI score · 0.00033 EPSS
Exploits 1 · References 10
ATTACKERKB
added 2026/03/05 2:47 p.m. · 2 views

CVE-2026-30791

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...

8.7 CVSS · 5.9 AI score · 0.00024 EPSS
Exploits 1 · References 4
IBM Security Bulletins
added 2025/12/23 4:45 p.m. · 4 views

Security Bulletin: TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data

Summary: TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data. A patch was released to update the bind package. Vulnerability Details: CVEID: CVE-2025-40778. DESCRIPTION: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an...

8.6 CVSS · 6 AI score · 0.00005 EPSS
Exploits 1 · Affected Software 1
OSV
added 2025/12/05 5:16 p.m. · 0 views

AZL-72307 CVE-2025-14104 affecting package util-linux for versions less than 2.37.4-10

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID (Set User ID) login-utils utilities writing to the password database...

6.1 CVSS · 7 AI score · 0.00009 EPSS
Exploits 0 · References 1
Atlassian
added 2025/11/13 11:27 p.m. · 11 views

Open Redirect Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-26159

This High severity vulnerability known as CVE-2023-26159 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.3 and a CV...

7.3 CVSS · 6.8 AI score · 0.00103 EPSS
Exploits 1
Patchstack
added 2025/11/03 12:0 a.m. · 9 views

WordPress Kallyas Theme <= 4.24.0 is vulnerable to Remote Code Execution (RCE)

Software Kallyas Type Theme Vulnerable versions = 4.24.0 Fixed in N/A OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2025-6990 Patch priority Medium CVSS severity Medium 8.8 Developer EPC PSID fef69fa1779b Credits stealthcopter Required privilege Contributor Published...

8.8 CVSS · 7.6 AI score · 0.00383 EPSS
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-14255

Malware in sbrugna...

9.8 CVSS · 9.6 AI score · 0.00216 EPSS
Exploits 0 · References 3
Patchstack
added 2025/10/06 10:33 p.m. · 6 views

WordPress Blocksy Companion plugin <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Blocksy Companion versions = 2.1.14...

6.4 CVSS · 5.7 AI score · 0.00034 EPSS
Exploits 0 · References 1 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2025-4392

Malicious code in bioql PyPI...

7.1 CVSS · 8.7 AI score · 0.00131 EPSS
Exploits 0 · References 2
NVD
added 2025/08/26 3:15 p.m. · 1 views

CVE-2025-52037

A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of...

6.1 CVSS · 0.00043 EPSS
Exploits 0 · References 2
Patchstack
added 2025/08/22 12:0 a.m. · 6 views

WordPress Jobmonster Theme <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Jobmonster Type Theme Vulnerable versions = 4.8.0 Fixed in 4.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-57887 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 409b4cb6ad34 Credits Ananda Dhakal Patchstack Required privilege...

6.5 CVSS · 6.9 AI score · 0.00047 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/08/05 12:0 a.m. · 2 views

PT-2025-32259 · Undefined · Undefined

CVE-2025-54980 - Adobe Flash Player Arbitrary Command Execution CVE ID : CVE-2025-54980 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

6.9 AI score
Exploits 0 · References 1
Positive Technologies
added 2025/08/01 12:0 a.m. · 3 views

PT-2025-31770 · Undefined · Undefined

CVE-2025-54841 - Apache Struts SQL Injection CVE ID : CVE-2025-54841 Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

7.3 AI score
Exploits 0 · References 1
Positive Technologies
added 2025/08/01 12:0 a.m. · 2 views

PT-2025-31769 · Undefined · Undefined

CVE-2025-54840 - Apache HTTP Server Denial of Service CVE ID : CVE-2025-54840 Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.6 AI score
Exploits 0 · References 1
Packet Storm News
added 2025/07/04 12:0 a.m. · 2 views

VLAI: a RoBERTa-Based Model for Automated Vulnerability Severity Classification

This paper presents VLAI, a transformer-based model that predicts software vulnerability severity levels directly from text descriptions. Built on RoBERTa, VLAI is fine-tuned on over 600,000 real-world vulnerabilities and achieves over 82% accuracy in predicting severity categories, enabling fast...

7.1 AI score
Exploits 0