@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airports (>=0.3.2 <=0.6.1)

@squawk/airports NPM version =0.3.2, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3436...

CVE-2026-30346

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

CVE-2026-30346

CVE-2026-30346 affects hunvreus DevPush v0.3.2 with an open redirect in the /api/google/authorize endpoint. The underlying issue allows an attacker to redirect users to malicious sites by supplying a crafted URL. Impact details are that redirects could lead users to unintended destinations; explo...

/dev/push 输入验证错误漏洞

/dev/push is an open-source application hosting platform developed by Ronan Berder, designed for zero-downtime deployment and real-time monitoring. Version 0.3.2 of /dev/push contains a vulnerability related to input validation. This vulnerability stems from an open redirection in...

EUVD-2026-25877

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

Fedora 43 : chunkah (2026-1269948465)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1269948465 advisory. Automatic update for chunkah-0.3.2-1.fc43. Changelog for chunkah Mon Mar 23 2026 Packit - 0.3.2-1 - Update to 0.3.2 upstream release Fri Mar 20 2026 Packit -...

Authorization Bypass Through User-Controlled Key

Overview @withstudiocms/api-spec is an API Specification for StudioCMS Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by generating a...

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

CVE-2026-30855 WeKnora: Broken Access Control in Tenant Management

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

CVE-2026-30855 WeKnora: Broken Access Control in Tenant Management

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

CVE-2026-30855 WeKnora: Broken Access Control in Tenant Management

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

WeKnora 访问控制错误漏洞

WeKnora is an open-source framework based on LLM developed by Tencent. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Prior to version 0.3.2 of WeKnora, there was an access control vulnerability. This vulnerability stemmed from an...

ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.24), ai.stainless:grails-tika (=0.1.0) +4897 more potentially affected by CVE-2026-27727 via com.mchange:mchange-commons-java (>=0.2.10 <=0.3.2)

com.mchange:mchange-commons-java MAVEN version =0.2.10, =0.5.0, =0.0.1, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 and more Source cves: CVE-2026-27727 Source advisory: SNYK:JAVA-COMMCHANGE-15353394...

CVE-2026-1912

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-1912 Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-1912 Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Citations tools 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

StudyMD security vulnerabilities

StudyMD is a Markdown reader developed by Jotron’s individual developers. Version 0.3.2 of StudyMD contains a security vulnerability; this vulnerability stems from allowing malicious scripts to be injected into Markdown files, potentially leading to remote code execution...