🚨 CVE-2025-59872
HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability. If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code.
🎖@cveNotify
Hcl-Software
Security Bulletin: HCL ZIE for Web is affected by a Unrestricted File Upload vulnerability (CVE-2025-59872) - Customer Support
Unrestricted File Upload vulnerability affects HCL ZIE for Web (CVE-2025-59872)
🚨 CVE-2025-60223
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
🎖@cveNotify
Patchstack
Arbitrary File Deletion in WordPress WPBot Pro Wordpress Chatbot Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-62340
HCL iControl was affected by an Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity.
🎖@cveNotify
Hcl-Software
Security Bulletin: Multiple security vulnerabilities affect HCL iControl (CVE-2026-4800 and CVE-2025-62340) - Customer Support
HCL iControl is affected by multiple security vulnerabilities.
🚨 CVE-2025-69179
Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.
🎖@cveNotify
Patchstack
Privilege Escalation in WordPress Support Ticket Management System Plugin
🚨 CVE-2026-22329
Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Skillate Theme
🚨 CVE-2026-22339
Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress WPJobster Theme
🚨 CVE-2026-22342
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress WordPress Dating Theme Theme
🚨 CVE-2026-25446
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
🎖@cveNotify
Patchstack
Arbitrary File Upload in WordPress WishList Member X Plugin
🚨 CVE-2026-27410
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
🎖@cveNotify
Patchstack
Deserialization of untrusted data in WordPress Slimstat Analytics Plugin
🚨 CVE-2026-32966
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
🎖@cveNotify
🚨 CVE-2026-32967
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
🎖@cveNotify