ZCyberNews
Articles

432 articles

Severity: MEDIUM
Vulnerabilities

Three WordPress Plugins Carry Stored XSS Flaws (CVE-2021-47926-929)

CVE-2021-47926, CVE-2021-47927, and CVE-2021-47929 each carry a CVSS 6.4 stored XSS in Filterable Portfolio Gallery, WP Symposium Pro, and Contact Form to Email — authenticated...

CVE-2021-47929, CVE-2021-47927, CVE-2021-47926
4 min read

Severity: MEDIUM
Vulnerabilities

uBidAuction 2.0.1 Reflected XSS Flaw Lets Attackers Inject Scripts

CVE-2022-50966 (CVSS 6.1): uBidAuction 2.0.1 reflected XSS in the news/manage module allows remote attackers to inject scripts via unsanitized GET parameters date_created,...

CVE-2022-50966
3 min read

Severity: MEDIUM
Vulnerabilities

WordPress 3dady Stats Plugin Stored XSS Lets Attackers Hijack Sessions

CVE-2022-50945 (CVSS 6.4): Stored XSS in WordPress 3dady real-time web stats plugin 1.0 lets authenticated attackers inject JavaScript via unsanitized input fields, enabling...

CVE-2022-50945
3 min read

Severity: MEDIUM
Vulnerabilities

WordPress Curtain Plugin CSRF Lets Attackers Toggle Maintenance Mode

CVE-2022-50955: WordPress Curtain 1.0.2 CSRF flaw lets attackers trick admins into toggling site maintenance mode via forged requests without nonce validation.

CVE-2022-50955
3 min read

Severity: MEDIUM
Vulnerabilities

WordPress GetPaid Plugin HTML Injection Flaw CVE-2021-47948

CVE-2021-47948 (CVSS 5.4): Authenticated attackers can inject arbitrary HTML via the Help Text field in GetPaid 2.4.6, enabling stored XSS attacks on payment forms.

CVE-2021-47948
3 min read

Severity: HIGH
Vulnerabilities

Acer PredatorSense LPE Lets Local Users Gain SYSTEM Privileges

CVE-2026-8069: Acer PredatorSense versions 3.00.3136 to 3.00.3196 expose a misconfigured named pipe, letting any authenticated local user execute code as SYSTEM and delete...

CVE-2026-8069
3 min read

Severity: CRITICAL
Vulnerabilities

Argo CD Flaw CVE-2026-42880 Leaks Kubernetes Secrets via Dry-Run

CVE-2026-42880 (CVSS 9.6) in Argo CD lets read-only attackers extract plaintext Kubernetes Secrets via ServerSideDiff endpoint using Server-Side Apply dry-run.

CVE-2026-42880
3 min read

Severity: HIGH
Vulnerabilities

Bouncy Castle BC-FJA Flaw CVE-2026-8149 Leaks GCM Keys

CVE-2026-8149 in Bouncy Castle BC-FJA 2.1.0–2.1.2 leaks AES-GCM authentication keys via side-channel in AVX-512f optimized gcm128w/gcm512w routines.

CVE-2026-8149
4 min read

Severity: HIGH
Vulnerabilities

CashDro 3 ATM Panel Weak PINs Enable Brute-Force Access

CVE-2026-8076: CashDro 3 ATM admin panel (v24.01.00.26) accepts numeric PINs for authentication, enabling brute-force attacks that can compromise cash dispenser controls.

CVE-2026-8076
3 min read

Severity: MEDIUM
Vulnerabilities

CVE-2023-47268: PrusaSlicer 3MF Files Can Execute Arbitrary Code

CVE-2023-47268 (CVSS 5.3): A crafted 3mf project file in PrusaSlicer through 2.6.1 executes arbitrary code when sliced — no user interaction beyond opening the file.

CVE-2023-47268
3 min read

Severity: MEDIUM
Vulnerabilities

CVE-2024-30167: Atlona Matrix Switcher Flaw Lets Authenticated Users

CVE-2024-30167 (CVSS 6.3): Authenticated users can execute arbitrary commands as root on Atlona AT-OME-MS42 Matrix Switcher 1.1.2 via a crafted POST to /cgi-bin/time.cgi.

CVE-2024-30167
3 min read

Severity: CRITICAL
Vulnerabilities

CVE-2025-69690: Netgate pfSense CE Module Installer RCE via Backup

CVE-2025-69690 (CVSS 9.1) lets authenticated admins achieve remote code execution on pfSense CE 2.7.2 by crafting a backup file with a serialized PHP object.

CVE-2025-69690
3 min read