Aggregator

Submit #755304 / VDB-347333

A vulnerability has been found in Shared Files Plugin up to 1.7.19 on WordPress and classified as critical. The impacted element is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-34438. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in SecuPress Free Plugin up to 2.2.5.3 on WordPress. Affected by this issue is some unknown functionality. Executing a manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2024-43228. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Nexter Blocks Plugin up to 3.3.3 on WordPress. It has been classified as problematic. The affected element is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2024-50452. The attack can be initiated remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in Quiz Maker Plugin up to 6.7.1.7 on WordPress. The impacted element is the function vc_quizmaker. This manipulation causes cross site scripting. This vulnerability appears as CVE-2026-2384. The attack may be initiated remotely. There is no available exploit.

A vulnerability marked as critical has been reported in Fujian Smart Integrated Management Platform System up to 7.5. Impacted is an unknown function of the file /Module/CRXT/Controller/XCamera.ashx. This manipulation of the argument ChannelName causes sql injection. This vulnerability is registered as CVE-2026-2821. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Backend Interface. Such manipulation of the argument keyword leads to sql injection. This vulnerability is documented as CVE-2026-2822. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. This vulnerability is reported as CVE-2026-2823. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. This vulnerability appears as CVE-2026-2824. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-2825. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Master Addons for Elementor Plugin up to 2.1.1 on WordPress. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument ma_el_bh_table_btn_text leads to cross site scripting. This vulnerability is traded as CVE-2026-2486. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as problematic has been identified in isaacs minimatch up to 10.2.0. Affected by this vulnerability is the function minimatch. Such manipulation of the argument Pattern leads to inefficient regular expression complexity. This vulnerability is uniquely identified as CVE-2026-26996. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in bn.js up to 5.2.2. It has been classified as problematic. The impacted element is the function toString/divmod. Performing a manipulation results in infinite loop. This vulnerability is cataloged as CVE-2026-2739. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，了解主要内容和结构。 这篇文章主要讲述了一次日本关东地区的旅行经历，包括东京、迪士尼、镰仓等地的游玩体验。作者详细描述了每天的行程安排，如第一天的表参道、涩谷，第二天的迪士尼海洋，第三天的浅草寺、秋叶原等。此外，还提到了一些个人感受，比如爵士酒吧的经历和镰仓海边的美好时光。 接下来，我需要提取关键信息：旅行天数、主要地点、特色体验和整体感受。同时，要确保语言简洁明了，不超过100字。 最后，组织语言时要自然流畅，避免使用复杂的句式。这样用户就能快速获取文章的核心内容。 文章描述了一次日本关东地区的旅行经历，包括东京市区游、东京迪士尼海洋乐园体验、浅草寺与秋叶原探索、中目黑与代官山漫步以及镰仓海边的悠闲时光。作者分享了旅途中的点滴感受与难忘瞬间。

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. It has been classified as problematic. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site scripting. This vulnerability is identified as CVE-2026-2965. The attack can be initiated remotely. Additionally, an exploit exists. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #755225 / VDB-347332

好，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，了解主要信息。 文章讲的是OpenClaw AI机器人最近发布的新版本出现了问题。具体来说，配对状态出了问题，导致很多常规命令失效，用户必须手动处理配对文件。官方已经确认了这个BUG，并提供了临时解决方案，比如备份和重命名配对文件，然后重启网关服务。尚未升级的用户可以暂时停留在旧版本，等待修复后的版本发布。 接下来，我需要将这些信息浓缩到100字以内。要抓住关键点：新版本导致配对问题、命令失效、官方确认BUG、临时解决方案、建议用户暂时不升级。 然后组织语言，确保简洁明了。不需要使用“文章内容总结”之类的开头，直接描述即可。 最后检查字数是否符合要求，并确保信息准确无误。 OpenClaw AI机器人新版本因WebSocket补丁导致配对异常和命令失效，官方提供临时解决方案并建议用户暂留旧版本等待修复。

A vulnerability was found in higuma web-audio-recorder-js 0.1/0.1.1 and classified as problematic. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. This vulnerability is referenced as CVE-2026-2964. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Jinher OA C6 up to 20260210 and classified as critical. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. The identification of this vulnerability is CVE-2026-2963. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is suggested to install a patch to address this issue. The vendor was contacted early about this disclosure but did not respond in any way.