CVE-2021-39935
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
Wednesday's vulnerability disclosures include 7 critical and 48 high-priority CVEs affecting Microsoft Windows, Dell RecoverPoint, WordPress, and Linux systems. Critical CVE volume increased 250% from the prior day, and high-priority disclosures nearly doubled with a 92% rise. CVE-2026-22769 carries a maximum CVSS 10 score for Dell RecoverPoint, CVE-2026-1937 affects WordPress installations with a 9.8 rating, and CVE-2025-70830 exposes Datart instances through the Freemarker template engine at CVSS 9.9. Multiple Microsoft Windows and Office CVEs are confirmed actively exploited, alongside older vulnerabilities in GitLab, Zimbra, and Sangoma FreePBX being leveraged in ongoing campaigns. No vendor patches have been released yet for the newly disclosed vulnerabilities, so compensating controls and network segmentation are the interim defence.
Immediate action: Prioritize the Microsoft Windows and Office CVEs where active exploitation is confirmed, then the highest-severity new disclosures in Dell RecoverPoint, WordPress, and Apple systems. With no patches currently available for the newly disclosed vulnerabilities, segment the affected hosts, restrict access to the affected services, and monitor for indicators of compromise until fixes ship.
Sangoma FreePBX OS Command Injection Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX Improper Authentication Vulnerability - Active in CISA KEV catalog.
React Native Community CLI OS Command Injection Vulnerability - Active in CISA KEV catalog.
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
A protection mechanism failure in the MSHTML Framework allows an unauthenticated attacker to bypass security features over a network, potentially leading to unauthorized system access.
Microsoft Windows NULL Pointer Dereference Vulnerability - Active in CISA KEV catalog.
A protection mechanism failure in the Windows Shell allows an unauthenticated attacker to bypass security features over a network connection.
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate their privileges locally on the affected system.
A type confusion vulnerability in the Desktop Window Manager (DWM) allows an authorized local attacker to elevate their privileges to a higher level.
A security feature bypass vulnerability in Microsoft Office Word exists due to reliance on untrusted inputs, allowing an unauthorized local attacker to circumvent security protections.
A memory corruption vulnerability in Apple software was addressed through improved state management to prevent potential exploitation.
Microsoft Configuration Manager SQL Injection Vulnerability - Active in CISA KEV catalog.
Notepad++ Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Google Chrome is vulnerable to a "Use After Free" condition in its CSS engine, which could allow a remote attacker to execute arbitrary code via a crafted webpage.
The YayMail plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on an AJAX action, allowing authenticated attackers to gain administrative access.
Dell RecoverPoint for Virtual Machines contains hardcoded credentials that allow unauthenticated remote attackers to gain root-level access and establish persistence.
Glory RBG-100 recycler systems use hardcoded OS credentials in the ISPK-08 software, allowing unauthenticated remote access and full system compromise via SSH.
OpenS100 is vulnerable to remote code execution via an unsandboxed Lua interpreter. Attackers can execute arbitrary commands by tricking a user into importing a malicious S-100 portrayal catalogue.
A flaw in TLS certificate handling in Guardian Gryphon allows remote attackers to execute arbitrary commands with root-level privileges.
An unauthenticated API endpoint exposure allows remote attackers to modify the "forgot password" recovery email address, facilitating account takeover.
Datart v1.0.0-rc.3 is vulnerable to Server-Side Template Injection (SSTI) in its Freemarker engine, allowing authenticated attackers to execute arbitrary code.
The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to improper access control, allowing unauthorized modification of payment status updates.
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3
The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0
A security flaw has been identified in Softland FBackup up to version 9 that could allow for unauthorized access or data manipulation.
The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1
The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3
IBM Db2 version 11 for Linux, UNIX, and Windows is affected by a security vulnerability that could lead to unauthorized system access.
NetApp StorageGRID versions prior to 11 contain a security vulnerability that could impact the integrity of object storage environments.
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6
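The WPNakama entry (injection through an 'order' parameter on a REST route) and the Business Directory entry (time-based injection through a 'payment' parameter) are two faces of the same plugin bug: request input concatenated into a `$wpdb` query. The block below is an added illustration, not code from either plugin; the route `example/v1/boards`, the table `{$wpdb->prefix}example_boards`, and its column names are assumptions chosen for the example. It shows the concatenation pattern beside the hardened form, where the value is bound with `$wpdb->prepare()` and the ORDER BY column, which a placeholder cannot protect, is matched against an allowlist.

```php
<?php
// Added example: a hypothetical plugin REST route, not code from WPNakama or
// Business Directory. The namespace 'example/v1', the table
// {$wpdb->prefix}example_boards and its column names are assumptions.

// Vulnerable pattern: both the 'payment' value and the 'order' column name are
// concatenated into the query. A payload such as
//   payment=paid' AND SLEEP(5)-- -   or   order=(SELECT SLEEP(5))
// turns the response delay into a boolean oracle (time-based injection).
function example_boards_vulnerable( WP_REST_Request $request ) {
    global $wpdb;
    $order   = (string) $request->get_param( 'order' );
    $payment = (string) $request->get_param( 'payment' );
    $sql = "SELECT id, title FROM {$wpdb->prefix}example_boards"
         . " WHERE payment = '{$payment}' ORDER BY {$order}";
    return rest_ensure_response( $wpdb->get_results( $sql ) );
}

// Hardened pattern.
function example_boards_hardened( WP_REST_Request $request ) {
    global $wpdb;

    // Values go through prepare(): %s is escaped and quoted by wpdb.
    $payment = sanitize_text_field( (string) $request->get_param( 'payment' ) );

    // Identifiers cannot be bound with a %s placeholder, so the column name
    // and sort direction are matched against a fixed allowlist instead.
    $columns = array( 'id', 'title', 'created_at' );
    $order   = sanitize_key( (string) $request->get_param( 'order' ) );
    if ( ! in_array( $order, $columns, true ) ) {
        $order = 'id';
    }
    $dir = 'DESC' === strtoupper( (string) $request->get_param( 'dir' ) ) ? 'DESC' : 'ASC';

    $table = $wpdb->prefix . 'example_boards';
    $sql   = $wpdb->prepare(
        "SELECT id, title FROM {$table} WHERE payment = %s ORDER BY {$order} {$dir}",
        $payment
    );
    return rest_ensure_response( $wpdb->get_results( $sql ) );
}

// Register only the hardened callback, with a permission_callback and an
// argument schema that rejects unexpected 'order' values before the handler runs.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/boards', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_boards_hardened',
        'permission_callback' => function () {
            return current_user_can( 'read' );
        },
        'args'                => array(
            'order'   => array( 'type' => 'string', 'enum' => array( 'id', 'title', 'created_at' ) ),
            'dir'     => array( 'type' => 'string', 'enum' => array( 'asc', 'desc', 'ASC', 'DESC' ) ),
            'payment' => array( 'type' => 'string', 'sanitize_callback' => 'sanitize_text_field' ),
        ),
    ) );
} );
```

The allowlist is the important half: `prepare()` only quotes values, so an attacker-controlled column name still lands in the query verbatim unless it is reduced to one of a few known identifiers (WordPress 6.2 and later also offer the `%i` identifier placeholder for this purpose). The schema `enum` on the route gives the same check a second line of defence at the REST layer, and the `permission_callback` keeps the route off the unauthenticated attack surface.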
The WowRevenue plugin for WordPress contains a missing capability check in its installation function, allowing unauthorized users to install and activate arbitrary plugins.
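The YayMail entry (missing capability check on an AJAX action) and the WowRevenue entry (missing capability check on a plugin-install function) describe the same WordPress mistake: a `wp_ajax_` handler that assumes being logged in is the same as being authorized. The block below is an added illustration and not code from either plugin; the action name, option key, script handle, and the capability chosen are assumptions for the example. It shows the unchecked handler next to one that verifies a nonce and a capability before acting.

```php
<?php
// Added example: a hypothetical plugin's admin-ajax handler, not code from
// YayMail or WowRevenue. The action name, option key, script handle and
// capability are assumptions.

// Vulnerable pattern. wp_ajax_{action} fires for every logged-in user, whatever
// their role, so with no capability check a subscriber can reach this handler
// and write an option that later grants administrator rights.
function example_save_settings_vulnerable() {
    $role = sanitize_key( $_POST['default_role'] ?? 'subscriber' );
    update_option( 'example_default_role', $role ); // e.g. 'administrator'
    wp_send_json_success();
}
// add_action( 'wp_ajax_example_save_settings', 'example_save_settings_vulnerable' );

// Hardened pattern: a nonce ties the request to the admin page that issued it
// (blocks CSRF), and current_user_can() ties it to a role allowed to perform
// the action. Match the capability to the action: manage_options for settings,
// install_plugins / activate_plugins if the handler installs or activates plugins.
function example_save_settings_hardened() {
    check_ajax_referer( 'example_save_settings', 'nonce' ); // dies with -1 on failure
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
    $role = sanitize_key( $_POST['default_role'] ?? 'subscriber' );
    // The setting itself must not be a path to admin: reject unknown roles
    // and refuse to make 'administrator' the default.
    if ( ! get_role( $role ) || 'administrator' === $role ) {
        wp_send_json_error( array( 'message' => 'invalid role' ), 400 );
    }
    update_option( 'example_default_role', $role );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_hardened' );
// No wp_ajax_nopriv_ hook is registered, so anonymous requests never reach it.

// The admin page passes the nonce to its script (handle 'example-admin' is
// assumed to be registered elsewhere); the request sends it back as the
// 'nonce' field that check_ajax_referer() looks for.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_save_settings' ),
    ) );
} );
```

When auditing a plugin for this class, grep for every `add_action( 'wp_ajax_` and `wp_ajax_nopriv_` registration and confirm the callback reaches `current_user_can()` (with a capability proportionate to what it does) before any write, install, or privilege change; a nonce alone is not an authorization check, since any logged-in user can obtain one from a page they are allowed to view.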
The WP Maps plugin for WordPress is vulnerable to Local File Inclusion (LFI) in versions up to 4, allowing attackers to access sensitive server-side files.
phpgurukul Student Management System 1
Improper authentication within Microsoft Windows Admin Center enables an authorized attacker to escalate privileges via network access. This flaw facilitates unauthorized administrative control.
Use After Free vulnerability in Apache Arrow C++
The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5
The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux
An authentication bypass vulnerability in the application's API allows unauthenticated attackers to create unauthorized administrative accounts, leading to full system compromise.
Unrestricted file uploads in IBM DataStage on Cloud Pak for Data allow authenticated users to execute arbitrary commands and access sensitive information.
A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted
A high-severity security vulnerability has been identified in IBM DataStage on Cloud Pak for Data 5, potentially allowing unauthorized access or system compromise.
A security vulnerability in IBM Concert 1 could allow for unauthorized actions or data exposure, impacting the overall security posture of the application.
Heap buffer overflow in libvpx
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd
A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7
SmarterTools SmarterMail is vulnerable to Cross-Site Scripting (XSS) via MAPI requests in versions prior to 9526, potentially allowing session hijacking.
An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0
A vulnerability has been found in Beetel 777VR1 up to 01
jizhicms 2
An issue in Datart v1
A Reflected Cross-Site Scripting (XSS) vulnerability in ENOVIAvpm Web Access allows attackers to execute arbitrary scripts in a user's browser session.
Malwarebytes AdwCleaner before v
A high-severity security flaw has been identified in the Intelbras VIP 3260 Z IA 2 camera, which could permit unauthorized access or system interference.
A Use of Uninitialized Variable vulnerability in SOLIDWORKS eDrawings allows arbitrary code execution when a user opens a specially crafted EPRT file.
An Out-Of-Bounds Read vulnerability in SOLIDWORKS eDrawings can lead to arbitrary code execution when processing a maliciously crafted EPRT file.
An Out-Of-Bounds Write vulnerability in the EPRT file reading procedure of SOLIDWORKS eDrawings allows for arbitrary code execution via crafted files.
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions
Mattermost Desktop App versions 6 and earlier are affected by a high-severity vulnerability that could compromise the security of the communication platform.
Crypt::URandom versions from 0
A high-severity vulnerability exists in the zhanghuanhao LibrarySystem through version 1, potentially allowing for unauthorized system access.
A weakness has been identified in Huace Monitoring and Early Warning System 2
A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3
Smoothwall Express 3
Smoothwall Express 3
Smoothwall Express 3
A high-severity security vulnerability has been detected in Wavlink WL-NU516U1 devices, affecting firmware versions up to 130 and 260.
A security vulnerability has been identified in the Wavlink WL-NU516U1 firmware version 20251208, posing a risk to device integrity.
A flaw has been found in Wavlink WL-NU516U1 up to 20251208