CVE-2026-8042

The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo' shortcode attribute in the 'github' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2026-8042

The CVE concerns the WordPress plugin “Github Shortcode.” All versions up to 0.1 are affected by a Stored Cross-Site Scripting (Stored XSS) in the github shortcode via the repo attribute due to insufficient input sanitization and output escaping. An authenticated attacker with Contributor-level a...

WordPress Responsive Video Embedder plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Responsive Video Embedder versions = 0.1...

NPM: sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

NPM: sealed-env: TOTP secret embedded in unseal token payload enterprise mode vulnerability discovered by ? in WordPress Npm sealed-env versions 0.1.0-alpha.4...

voice-agent-tequity (>=0.1.0 <=0.1.1) potentially affected by CVE-2026-44209 via banks (=2.2.0)

banks PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on banks and may be impacted: - voice-agent-tequity =0.1.0, =0.1.1 Source cves: CVE-2026-44209 Source advisory: SNYK:PYTHON-BANKS-16635495...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat11: tomcat11-11.0.22-0.1.hum1 noarch tomcat11-admin-webapps-11.0.22-0.1.hum1 noarch tomcat11-common-11.0.22-0.1.hum1 noarch tomcat11-docs-webapp-11.0.22-0.1.hum1 noarch...

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

PT-2026-35193

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

`tokio-process` is unmaintained

The tokio-process crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

`tokio-signal` is unmaintained

The tokio-signal crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

RUSTSEC-2026-0052 `tokio-sync` is unmaintained

The tokio-sync crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

`tokio-uds` is unmaintained

The tokio-uds crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

RUSTSEC-2026-0059 `tokio-tcp` is unmaintained

The tokio-tcp crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

RUSTSEC-2026-0064 `tokio-udp` is unmaintained

The tokio-udp crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

RUSTSEC-2026-0051 `tokio-threadpool` is unmaintained

The tokio-threadpool crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

`tokio-current-thread` is unmaintained

The tokio-current-thread crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

`tokio-io` is unmaintained

The tokio-io crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

RUSTSEC-2026-0062 `tokio-compat` is unmaintained

The tokio-compat crate is unmaintained. It was part of the transition from Tokio 0.1 to 0.2...

`tokio-sync` is unmaintained

The tokio-sync crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

CVE-2021-47860 GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...