68 matches found
EUVD-2026-38684
The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...
CVE-2026-12206 Grit42 Grit data_table_entity.rb DataTableEntity sql injection
A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...
EUVD-2026-36541
Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2...
CLEANSTART-2026-OH43332 Security fixes for CVE-2022-29526, CVE-2025-47907, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-4f99-4q7p-p3gh applied in versions: 0.10-r0, 0.10-r1, 0.10-r2, 0.10-r3, 0.10-r4, 0.10-r5, 0.11-r0
Multiple security vulnerabilities affect the druid-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-7474 Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. In affected versions of Redis, a integer overflow bug in the 32-bit Redis version 4.0 or newer can be exploited to corrupt the heap, potentially leading to remote code execution. Redis 4.0 or newer includes a configurable lim...
CVE-2026-25026
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through = 5.0.11...
WordPress Team plugin <= 5.0.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Team versions = 5.0.11...
libssh 缓冲区错误漏洞
libssh is a C-language development package from the libssh organization, designed for accessing SSH services. It can execute remote commands, perform file transfers, and provide a secure transmission channel for remote programs. Versions of libssh prior to 0.11.3 have a buffer error vulnerability...
FileZen vulnerable to OS command injection
Overview FileZen provided by Soliton Systems K.K. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-25108 This vulnerability can be exploited when FileZen Antivirus Check Option is enabled The developer states that attacks exploiting the vulnerability has been observed...
WordPress AdForest theme <= 6.0.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme AdForest versions = 6.0.11...
MiracleLinux 3 : elinks-0.11.1-6AXS3.1 (AXSA:2009-406:01)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2009-406:01 advisory. Links is a text-based Web browser. Links does not display any images, but it does support frames, tables and most other HTML tags. Links' advantage...
PT-2025-54385
Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11...
CVE-2025-8961 affecting package libtiff for versions less than 4.6.0-11
CVE-2025-8961 affecting package libtiff for versions less than 4.6.0-11. A patched version of the package is available...
CVE-2025-56526
CVE-2025-56526 concerns Kotaemon 0.11.0 and is described as a cross-site scripting (XSS) vulnerability. The issue allows an attacker to execute arbitrary code through a crafted PDF rendered by Kotaemon. The published descriptor includes a CVSS 3.1 base score of 6.1 (Medium) with network attack ve...
CVE-2025-54560
A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure...
PT-2025-46987
Name of the Vulnerable Software and Affected Versions Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2 Description A flaw exists in the Application Server of Desktop Alert PingAlert that can lead to the disclosure of technical information via stack traces. Recommendations Update to a...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhook URLs which are not validated. An attacker can access internal services, private networks, or cloud metadata endpoints by configuring malicious webhook URLs. PoC ssh localhost webhook crea...
BIT-TOMCAT-2025-61795 Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS
Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to...
CVE-2025-60731
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function...