184462 matches found
PT-2026-57516
A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been publicly disclosed and...
PT-2026-57521
A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...
PT-2026-57529
A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub 43F2C4 of the file /goform/tools nslookup of the component DNS Lookup Handler. This manipulation of the argument nslookup target/dns server causes os command injection. The attack can be initiated...
PT-2026-57524
A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change passwd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...
PT-2026-57530
One of my responsible security disclosures has been assigned CVE-2026-59959. The vulnerability has been fixed, and the advisory is now public: https://t.co/8v5PsiHSCO...
PT-2026-57523
A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...
PT-2026-57528
A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub 41EC14 of the file /goform/tools nslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: "We are unable to...
PT-2026-57518
A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. T...
PT-2026-57520
A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...
PT-2026-57522
A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...
PT-2026-57515
A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci dss status.jsp. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used...
PT-2026-57527
A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub 41EC14 of the file /goform/tools nslookup of the component ssi. The manipulation of the argument nslookup target leads to buffer overflow. It is possible to initiate the attack remotely. The...
PT-2026-57525
A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoa ipaddr results in command injection. The attack is possible t...
PT-2026-57519
A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation of the argument callId results in improper authorization. The attack may be performed from remote...
PT-2026-57531
A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub 42026C of the file /goform/tools ddns of the component Firmware Update Handler. Such manipulation of the argument hostname/username/password leads to os command injection. The attack can be launched...
PT-2026-57526
A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/adm/gestao loja/sis.php?t=consultar of the component HTTP Handler. Executing a manipulation of the argument nome/perfil/status can lead to sql injection. The attack may be...
PT-2026-57536
A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain...
PT-2026-57538
A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument export date results in cross site scripting. It is possible to initiate...
PT-2026-57537
A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The...
PT-2026-57539
A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published an...
PT-2026-57535
A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The manipulation of the argument kode produk/kd cs results in sql injection. The attack can be executed...
PT-2026-57541
A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...
PT-2026-57532
A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub 41FBD0 of the file /goform/system ntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. The attack may be initiated remotely. The...
PT-2026-57533
A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit...
PT-2026-57540
A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...
PT-2026-57534
A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack i...
PT-2026-57431
Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...
PT-2026-57460
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57449
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57423
The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve setOpt function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-lev...
PT-2026-57453
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57409
The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...
PT-2026-57473
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57470
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57452
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57459
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57430
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...
PT-2026-57374
The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
PT-2026-57391
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'b width map' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
PT-2026-57381
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the get type template function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...
PT-2026-57405
The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated...
PT-2026-57394
The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedesk clear cache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated...
PT-2026-57406
The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfm product archive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
PT-2026-57407
The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...
PT-2026-57417
The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck method...
PT-2026-57385
The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...
PT-2026-57401
The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
PT-2026-57419
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approval code' parameter in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
PT-2026-57422
The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...
PT-2026-57383
The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the pgc sgb render...