🚨 CVE-2026-1927
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshift_app_pass_validation() function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve global plugin settings including stored AI API keys and modify plugin settings, including the injection of arbitrary web scripts via the 'custom_css' value (stored XSS). NOTE: This vulnerability was partially patched in version 12.6.
🎖@cveNotify
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshift_app_pass_validation() function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve global plugin settings including stored AI API keys and modify plugin settings, including the injection of arbitrary web scripts via the 'custom_css' value (stored XSS). NOTE: This vulnerability was partially patched in version 12.6.
🎖@cveNotify
🚨 CVE-2026-28407
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Version 1.21.0 fixes the issue.
🎖@cveNotify
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Version 1.21.0 fixes the issue.
🎖@cveNotify
GitHub
fix: preserve nested archives which fail to extract (#1383) · chainguard-dev/malcontent@356c566
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
🚨 CVE-2026-28408
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like Postman or the file's URL on the web to access features exclusive to employees. The vulnerability allows external parties to inject unauthorized data in massive quantities into the application server's storage. Version 3.6.5 fixes the issue.
🎖@cveNotify
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like Postman or the file's URL on the web to access features exclusive to employees. The vulnerability allows external parties to inject unauthorized data in massive quantities into the application server's storage. Version 3.6.5 fixes the issue.
🎖@cveNotify
GitHub
Lack of authentication verification in adicionar_tipo_docs_atendido.php
### Summary
The script in the mentioned file does not go through the project's central controller and does not have its own authentication and permission checks.
### Details
A malicious ...
The script in the mentioned file does not go through the project's central controller and does not have its own authentication and permission checks.
### Details
A malicious ...
🚨 CVE-2026-28409
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access (which can be obtained via the previously reported Authentication Bypass) can execute arbitrary OS commands on the server by uploading a backup file with a specifically crafted filename. Version 3.6.5 fixes the issue.
🎖@cveNotify
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access (which can be obtained via the previously reported Authentication Bypass) can execute arbitrary OS commands on the server by uploading a backup file with a specifically crafted filename. Version 3.6.5 fixes the issue.
🎖@cveNotify
GitHub
Remote Code Execution (RCE) via OS Command Injection
### Summary
A critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access (which can be obta...
A critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access (which can be obta...
👍1
🚨 CVE-2022-24298
All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
🎖@cveNotify
All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
🎖@cveNotify
GitHub
How to report a security issue? · Issue #391 · FreeOpcUa/freeopcua
We would like to responsibly report on a vulnerability we found in freeopcua (cpp). Where should we send our detailed report? Additionally I would like to suggest adding a security policy to the re...
🚨 CVE-2023-31819
An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
🎖@cveNotify
An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
🎖@cveNotify
🚨 CVE-2026-27743
The SPIP referer_spam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the referer_spam_ajouter and referer_spam_supprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input validation or parameterization. The endpoints do not enforce authorization checks and do not use SPIP action protections such as securiser_action(), allowing remote attackers to execute arbitrary SQL queries.
🎖@cveNotify
The SPIP referer_spam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the referer_spam_ajouter and referer_spam_supprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input validation or parameterization. The endpoints do not enforce authorization checks and do not use SPIP action protections such as securiser_action(), allowing remote attackers to execute arbitrary SQL queries.
🎖@cveNotify
SPIP Blog
Mise à jour de sécurité : sortie de SPIP 4.4.10 – SPIP Blog
La version 4.4.10 apporte des corrections de bugs et corrige trois failles de sécurité. Un grand merci à Arthur Deloffre (Vozec), Louka Jacques-Chevallier (Laluka) et Oreo pour les signalements. Par…
🚨 CVE-2026-25147
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in `portal/portal_payment.php`, the patient id used for the page is taken from the request (`$pid = $_REQUEST['pid'] ?? $pid` and `$pid = ($_REQUEST['hidden_patient_code'] ?? null) > 0 ? $_REQUEST['hidden_patient_code'] : $pid`) instead of being fixed to the authenticated portal user. The portal session already has a valid `$pid` for the logged-in patient. Overwriting it with user-supplied values and using it without authorization allows a portal user to view and interact with another patient's demographics, invoices, and payment history—horizontal privilege escalation and IDOR. Version 8.0.0 contains a fix for the issue.
🎖@cveNotify
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in `portal/portal_payment.php`, the patient id used for the page is taken from the request (`$pid = $_REQUEST['pid'] ?? $pid` and `$pid = ($_REQUEST['hidden_patient_code'] ?? null) > 0 ? $_REQUEST['hidden_patient_code'] : $pid`) instead of being fixed to the authenticated portal user. The portal session already has a valid `$pid` for the logged-in patient. Overwriting it with user-supplied values and using it without authorization allows a portal user to view and interact with another patient's demographics, invoices, and payment history—horizontal privilege escalation and IDOR. Version 8.0.0 contains a fix for the issue.
🎖@cveNotify
GitHub
Merge commit from fork · openemr/openemr@d6ab3cd
* fix(security): prevent portal patient pid override in payment endpoint
In portal context, ignore user-supplied pid from request parameters
and form inputs. The session-derived pid is authoritati...
In portal context, ignore user-supplied pid from request parameters
and form inputs. The session-derived pid is authoritati...
🚨 CVE-2026-27752
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2026-27753
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online password guessing attacks without account lockout or rate limiting restrictions to gain unauthorized access to the device management interface.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online password guessing attacks without account lockout or rate limiting restrictions to gain unauthorized access to the device management interface.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2026-27754
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies and gain unauthorized access to the device.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies and gain unauthorized access to the device.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2026-27755
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2026-27756
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited by authenticated users.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited by authenticated users.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2026-27757
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2026-27758
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability in its management interface that allows attackers to induce authenticated users into submitting forged requests. Attackers can craft malicious requests that execute unauthorized configuration or administrative actions with the victim's privileges when the authenticated user visits a malicious webpage.
🎖@cveNotify
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability in its management interface that allows attackers to induce authenticated users into submitting forged requests. Attackers can craft malicious requests that execute unauthorized configuration or administrative actions with the victim's privileges when the authenticated user visits a malicious webpage.
🎖@cveNotify
Sodola Networks
SODOLA 6 Port 2.5G Easy Web Managed Switch, 4 x 2.5G Base-T Ports, 2 x 10G SFP, ,Static Aggregation/QoS/VLAN/IGMP, 2.5Gb Network…
Speed Unleashed:6-Port 2.5GbE Switch features with 4X100/1000/2500M RJ45 ports + 2X10G SFP+ ports for lightning-fast 2.5Gb network connectivity. Static Aggregation:Static aggregation boosts throughput and redundancy, ensuring seamless device connections.(Tip:…
🚨 CVE-2023-31068
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
🎖@cveNotify
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
🎖@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
🚨 CVE-2023-31069
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
🎖@cveNotify
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
🎖@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
🚨 CVE-2026-28269
Kiteworks is a private data network (PDN). Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access. Version 9.2.0 contains a patch.
🎖@cveNotify
Kiteworks is a private data network (PDN). Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access. Version 9.2.0 contains a patch.
🎖@cveNotify
GitHub
[Core] Kiteworks Core before 9.2.0 has an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
### Description
A vulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwri...
A vulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwri...
🚨 CVE-2026-3264
A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
CVE-Free-CRM-Advisories/Free-CRM Privilege Escalation via Client-Side Redirect Authorization Bypass.md at main · Ghufran2/CVE-Free…
Contribute to Ghufran2/CVE-Free-CRM-Advisories development by creating an account on GitHub.
🚨 CVE-2026-3265
A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
CVE-Free-CRM-Advisories/Free-CRM IDOR.md at main · Ghufran2/CVE-Free-CRM-Advisories
Contribute to Ghufran2/CVE-Free-CRM-Advisories development by creating an account on GitHub.
🚨 CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id.
Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.
🎖@cveNotify
Apache::SessionX versions through 2.01 for Perl create insecure session id.
Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.
🎖@cveNotify