140 matches found

RedhatCVE
added yesterday | 3 views

CVE-2026-35589

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...

9.3 CVSS | 5.5 AI score | 0.0003 EPSS
Exploits: 1 | References: 1

vulnersOsv
added 2026/05/19 12:0 a.m. | 17 views

@antv/g2 (>=3.2.0 <=3.2.8-beta.6), @bizcharts/other-datamarker_dataregion (>=0.0.1 <=0.1.4) +22 more potentially affected by unknown CVE via @antv/interaction (>=0.0.8 <=0.1.5)

@antv/interaction NPM version =0.0.8, =3.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.4, =0.1.8, =1.0.4, =1.0.4, =0.1.4, =0.1.14, =0.1.5, =1.0.5, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4030...

5.8 AI score
Exploits: 0

EUVD
added 2026/04/14 10:47 p.m. | 1 view

EUVD-2026-22802

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...

10 CVSS | 7.4 AI score | 0.00082 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2026/04/14 10:47 p.m. | 1 view

CVE-2026-35589 nanobot: Cross-Site WebSocket Hijacking in WhatsApp Bridge (CVE-2026-2577 Fix Update)

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...

8 CVSS | 5.9 AI score | 0.0003 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2026/04/14 10:47 p.m. | 1 view

CVE-2026-35589

nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...

10 CVSS | 7.4 AI score | 0.00082 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/04/14 12:0 a.m. | 2 views

PT-2026-32960

Name of the Vulnerable Software and Affected Versions: nanobot versions prior to 0.1.5. Description: A Cross-Site WebSocket Hijacking (CSWSH) issue exists in the bridge's WebSocket server within bridge/src/server.ts. The server does not validate the Origin header during the WebSocket handshake, and...

8 CVSS | 7.4 AI score | 0.0003 EPSS
Exploits: 1 | References: 6

EUVD
added 2026/04/06 6:30 a.m. | 1 view

EUVD-2026-19166

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarizecommand. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access...

5.3 CVSS | 5.5 AI score | 0.00615 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/06 12:0 a.m. | 1 view

PT-2026-30562

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize command. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access...

5.3 CVSS | 5.5 AI score | 0.00615 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/04/06 12:0 a.m. | 2 views

Summarization Functions OS Command Injection Vulnerability

Summarization Functions is an intelligent text summarization server developed by Braffolk’s individual developer. Versions of Summarization Functions prior to 0.1.5 had a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the command...

5.3 CVSS | 6.1 AI score | 0.00615 EPSS
Exploits: 0 | References: 4

vulnersOsv
added 2026/03/20 12:0 p.m. | 0 views

IMAPServer (=0.1.0), OpenDataSH_twitter_notifier (>=0.1.0 <=0.1.2) +1860 more potentially affected by unknown CVE via tokio-uds (>=0.1.5 <=0.3.0-alpha.1)

tokio-uds CARGO version =0.1.5, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.4.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.7.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0050...

5.8 AI score
Exploits: 0

Snyk
added 2026/03/10 1:18 a.m. | 3 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the REST and WebSocket endpoints due to lack of authentication enforcement. An attacker can gain unauthorized access and interact with sensitive server functionality by sending requests...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 2

vulnersOsv
added 2026/02/12 6:30 p.m. | 3 views

@farmfe/cli (>=0.1.0 <=0.2.0), @farmfe/js-plugin-tailwindcss (>=0.0.2 <=0.0.20) +5 more potentially affected by CVE-2025-56647 via @farmfe/core (>=0.1.5 <=1.7.11)

@farmfe/core NPM version =0.1.5, =0.1.0, =0.0.2, =1.0.0, =0.0.2, =2.7.0, =1.0.5, =1.3.4 Source cves: CVE-2025-56647 Source advisory: OSV:GHSA-P773-8MF4-RJM5...

6.5 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits: 0

EUVD
added 2026/02/07 9:2 p.m. | 3 views

EUVD-2026-5715

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...

7.5 CVSS | 5 AI score | 0.00021 EPSS
Exploits: 3 | References: 4

CVE
added 2026/02/07 8:26 a.m. | 8 views

CVE-2025-15476

The CVE-2025-15476 affects the WordPress plugin The Bucketlister, specifically versions up to 0.1.5. The root cause is a missing capability check in the bucketlister_do_admin_ajax() function, allowing authenticated attackers with Subscriber-level access (and higher) to add, delete, or modify arbi...

4.3 CVSS | 5.5 AI score | 0.00039 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/07 8:26 a.m. | 4 views

CVE-2025-15476 The Bucketlister <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/02/07 8:26 a.m. | 4 views

EUVD-2025-206892

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode category and id attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This...

6.5 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/02/07 8:26 a.m. | 3 views

EUVD-2025-206893

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3 CVSS | 5.5 AI score | 0.00039 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/02/07 8:26 a.m. | 23 views

CVE-2025-15477 The Bucketlister <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode category and id attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This...

6.5 CVSS | 0.00039 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/07 8:26 a.m. | 6 views

CVE-2025-15477

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode category and id attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This...

6.5 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits: 0 | References: 3

Patchstack
added 2026/02/07 12:9 a.m. | 4 views

WordPress The Bucketlister plugin <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification vulnerability

Missing Authorization to Authenticated (Subscriber+) Bucket List Modification vulnerability discovered by Ivan Cese in WordPress Plugin The Bucketlister versions <= 0.1.5...

4.3 CVSS | 5.4 AI score | 0.00039 EPSS
Exploits: 0 | References: 1 | Affected Software: 1