CVE Brief Security Intelligence

The EventPrime WordPress plugin is susceptible to PHP Object Injection, allowing authenticated subscribers to execute arbitrary code.

NEC ExpressUpdate Agent for Windows contains an access control deficiency that may allow for unauthorized system-level operations.

A security vulnerability exists in the Shenzhen Setracker2 Android application that may allow for unauthorized access or data compromise.

The Email Address Encoder WordPress plugin contains an unspecified vulnerability prior to version 1.

Apache Shiro, when used with the shiro-guice module, is susceptible to an authentication bypass via a specially crafted HTTP request.

A heap buffer overflow vulnerability exists in the wolfSSL library during the processing of DTLS 1.x packets, potentially leading to arbitrary code execution.

A security vulnerability in the wolfSSL library may allow for unauthorized access or system compromise, requiring immediate attention from security administrators.

A Remote Code Execution vulnerability exists in the Post Snippets plugin, allowing authenticated contributors to execute arbitrary code on the underlying server.

An out-of-bounds write vulnerability in the Renesas TSIP TLS 1 implementation can lead to memory corruption or arbitrary code execution.

The wolfSSL library incorrectly accepts un-negotiated Raw Public Keys in place of expected X.509 certificates, leading to authentication bypass.

A vulnerability exists in the wolfSSL library that requires immediate investigation and remediation to ensure cryptographic integrity.

A flaw in wolfSSL_PKCS7_verify() causes it to incorrectly return success for degenerate PKCS#7 objects lacking a signer.

An insufficiently protected credentials vulnerability in Schneider Electric EasyLogic T150 allows unauthenticated access to sensitive system information.

A security flaw exists within the Red Hat build of Apicurio Registry 3 that may lead to unauthorized system impacts.

WSO2 API Manager contains a vulnerability in its message flow component that fails to properly validate user-controlled input within WS-Addressing headers.

A vulnerability in APIExperts Square for WooCommerce allows for the unauthorized retrieval of sensitive information embedded within sent data.

The DICOM Web Viewer Framework contains a server-side request forgery vulnerability due to improper validation of URL parameters in the DICOMWebProxy and DICOMJSON data sources.

A SQL injection vulnerability exists in the SALESmanago & Leadoo plugin, allowing authenticated subscribers to execute arbitrary SQL commands via the application.

A SQL injection vulnerability in the WC Vendors Marketplace plugin allows authenticated subscribers to execute arbitrary database queries.

This vulnerability represents a security bypass affecting the fix for CVE-2026-34916 in Revive Adserver.

A security vulnerability has been identified in the thc-hydra authentication cracking tool, affecting all versions up to and including version 9.

A critical security vulnerability has been disclosed affecting the Maxun software prior to version 0.

A vulnerability exists in Seahub prior to version 13 that may allow for unauthorized system impact.

A high-severity security vulnerability has been identified in the pnpm package manager.

A security vulnerability has been discovered in the pnpm package manager requiring immediate attention.

A stored cross-site scripting (XSS) vulnerability in the pretix PDF editor allows execution of malicious HTML content when viewing ticket or badge layouts.

A critical vulnerability in the File Browser interface allows for potential unauthorized file manipulation and system access within the defined directory structure.

A NULL pointer dereference vulnerability in Schneider PowerLogic™ P7 devices can lead to a denial-of-service condition when processing malformed network requests.

A format string vulnerability exists in the vlsvr component of GeoVision GV-LPC2011 and GV-LPC2211, allowing for potential unauthenticated remote code execution.

An OS command injection vulnerability exists in Schneider PowerLogic P7 devices that allows authenticated users to execute arbitrary commands with elevated privileges.

A security vulnerability has been identified in the Huly Platform, necessitating immediate investigation and remediation by system administrators.

NewsBlur prior to version 14 contains a vulnerability that may allow for unauthorized system access or data manipulation.

Horner Automation Cscape versions prior to 10 are vulnerable to a high-severity security flaw potentially allowing unauthorized access.

AzeoTech DAQFactory version 21 contains a security vulnerability that may allow for unauthorized access or system impact.

A security vulnerability exists in the File Browser management interface that could potentially allow unauthorized file manipulation or system access.

A vulnerability in the Vim text editor may allow for arbitrary code execution or unauthorized system access when processing maliciously crafted files.

A cryptographic flaw in Silicon Labs SiSDK for EFR32xG27 chips results in predictable keys, potentially undermining device security and encryption.

Flowise versions prior to 3 contain a security vulnerability that requires immediate attention from administrators.

ToolJet, an open-source platform for building internal tools and AI agents, is impacted by a high-severity security vulnerability.

The filebrowser interface, used for managing files, contains a high-severity vulnerability that requires immediate remediation.

Flowise versions prior to 3 are susceptible to a security vulnerability that may expose the application to unauthorized access or manipulation.

The picklescan library through version 0 contains a security vulnerability that may allow for malicious code execution through compromised pickle files.