Aggregator

A vulnerability identified as critical has been detected in ThemeREX Tiger Claw Plugin up to 1.1.14 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is referenced as CVE-2026-28061. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Brainstorm_Force Ultimate Addons for WPBakery Page Builder Plugin up to 3.21.1 on WordPress. It has been classified as critical. Affected is an unknown function. Performing a manipulation results in missing authorization. This vulnerability is known as CVE-2026-28038. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as problematic has been identified in Astoundify Listify Plugin up to 3.2.5 on WordPress. This impacts an unknown function. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-28042. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as problematic has been found in ashanjay EventON Plugin up to 4.9.12 on WordPress. Affected is an unknown function. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-28037. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability has been found in SkatDesign Ratatouille Plugin up to 1.2.6 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to server-side request forgery. This vulnerability is documented as CVE-2026-28036. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. It has been declared as critical. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp results in sql injection. This vulnerability is identified as CVE-2026-3711. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. It has been classified as critical. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. This vulnerability is referenced as CVE-2026-3710. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0 and classified as critical. This affects an unknown function of the file /register.php. Executing a manipulation of the argument Username can lead to sql injection. The identification of this vulnerability is CVE-2026-3709. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0 and classified as critical. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argument Username results in sql injection. This vulnerability was named CVE-2026-3708. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as critical, was found in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif_decoder.c. Such manipulation of the argument canvas_height leads to integer overflow. This vulnerability is uniquely identified as CVE-2026-3707. Local access is required to approach this attack. Moreover, an exploit is present. It is advisable to implement a patch to correct this issue.

Submit #766309 / VDB-349657

Submit #766298 / VDB-349656

A vulnerability, which was classified as problematic, has been found in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. This vulnerability is handled as CVE-2026-3706. The attack can be initiated remotely. Additionally, an exploit exists. To fix this issue, it is recommended to deploy a patch.

Submit #766142 / VDB-349655

Submit #766138 / VDB-349654

Submit #765972 / VDB-349653

Submit #765933 / VDB-349652

Конфиденциальность стала разменной монетой в чужой игре.

A vulnerability classified as critical was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. This vulnerability is known as CVE-2026-3705. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as critical has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. This vulnerability is traded as CVE-2026-3704. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.