178 matches found

ATTACKERKB
added 2026/05/20 1:25 a.m., 5 views

CVE-2026-8626

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 6.1, AI score 6, EPSS 0.00089
Exploits 0, References 4
CNNVD
added 2026/05/20 12:0 a.m., 5 views

WordPress plugin SponsorMe cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.1, AI score 5.6, EPSS 0.00089
Exploits 0, References 1
vulnersOsv
added 2026/05/19 12:0 a.m., 8 views

1byte-react-design (>=1.7.1 <=1.14.0), 1g6table (=0.1.0) +2674 more potentially affected by unknown CVE via @antv/scale (>=0.0.1 <=0.5.2)

@antv/scale NPM version =0.0.1, =1.7.1, =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.0.1-beta, =0.1.2, =1.1.43, =5.0.48, =1.0.1, =1.1.44 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4083...

AI score 5.8
Exploits 0
vulnersOsv
added 2026/05/11 9:0 p.m., 2 views

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airspace-data (>=0.3.2 <=0.5.2)

@squawk/airspace-data NPM version =0.3.2, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKAIRSPACEDATA-16640882...

AI score 5.8
Exploits 0
vulnersOsv
added 2026/05/07 12:2 a.m., 4 views

armature-diesel (=0.1.0), authzen-diesel (=0.1.0-alpha.0) +12 more potentially affected by unknown CVE via diesel-async (>=0.1.1 <=0.5.2)

diesel-async CARGO version =0.1.1, =0.1.0, =0.17.0, =0.17.0, =0.17.0, =0.11.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: OSV:GHSA-FF9Q-RM55-Q7QR...

AI score 5.8
Exploits 0
Cvelist
added 2026/04/22 7:45 a.m., 27 views

CVE-2026-4139 mCatFilter <= 0.5.2 - Cross-Site Request Forgery via compute_post() Function

The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce verification and capability checks in the compute_post function, which processes settings updates. The compute_post function is...

CVSS 4.3, EPSS 0.00007
Exploits 0, References 7
Vulnrichment
added 2026/04/15 7:3 a.m., 1 views

CVE-2026-5088 Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attempt to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

AI score 5.8, EPSS 0.00019
Exploits 0, References 4
Tenable Nessus
added 2026/03/28 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-4985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Imag...

CVSS 5.3, AI score 5.6, EPSS 0.00017
Exploits 0, References 3
ATTACKERKB
added 2026/03/27 9:27 p.m., 0 views

CVE-2026-4985

A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier ...

CVSS 5.3, AI score 5.8, EPSS 0.00017
Exploits 0, References 8, Affected Software 1
Vulnrichment
added 2026/03/27 9:27 p.m., 1 views

CVE-2026-4985 dloebl CGIF GIF Image cgif.c cgif_addframe integer overflow

A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier ...

CVSS 5.3, AI score 5.7, EPSS 0.00017
Exploits 0, References 7
Positive Technologies
added 2026/03/27 12:0 a.m., 1 views

PT-2026-28705

Name of the Vulnerable Software and Affected Versions: dloebl CGIF versions up to 0.5.2. Description: A flaw exists in dloebl CGIF up to version 0.5.2 related to integer overflow within the cgif_addframe function located in the src/cgif.c file of the GIF Image Handler component. The issue stems from...

CVSS 5.3, AI score 5.7, EPSS 0.00017
Exploits 0, References 9
Tenable Nessus
added 2026/03/23 12:0 a.m., 0 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-006283)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006283 advisory. Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of...

CVSS 8.6, AI score 6, EPSS 0.00048
Exploits 0, References 4
RedhatCVE
added 2026/01/09 11:22 a.m., 7 views

CVE-2021-31856

A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go...

CVSS 9.8, AI score 8.6, EPSS 0.78967
Exploits 1, References 1
RedhatCVE
added 2026/01/09 9:16 a.m., 1 views

CVE-2025-14053

The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVSS 6.4, AI score 5, EPSS 0.00016
Exploits 0, References 1
NVD
added 2026/01/07 12:16 p.m., 2 views

CVE-2025-14053

The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVSS 6.4, EPSS 0.00016
Exploits 0, References 3
Vulnrichment
added 2026/01/07 9:20 a.m., 1 views

CVE-2025-14053 Travel Bucket List <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVSS 6.4, AI score 4.7, EPSS 0.00016
Exploits 0, References 3
Cvelist
added 2026/01/07 9:20 a.m., 21 views

CVE-2025-14053 Travel Bucket List <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVSS 6.4, EPSS 0.00016
Exploits 0, References 3
Positive Technologies
added 2026/01/07 12:0 a.m., 3 views

PT-2026-1615

Name of the Vulnerable Software and Affected Versions: Wish To Go plugin for WordPress versions up to and including 0.5.2. Description: The Wish To Go plugin for WordPress is susceptible to Stored Cross-Site Scripting through shortcode attributes. Insufficient input sanitization and output escaping ...

CVSS 6.4, AI score 5.2, EPSS 0.00016
Exploits 0, References 5
CNNVD
added 2026/01/07 12:0 a.m., 2 views

WordPress plugin Wish To Go cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4, AI score 5.9, EPSS 0.00016
Exploits 0, References 3
Patchstack
added 2026/01/06 11:29 p.m., 4 views

WordPress Travel Bucket List plugin <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by ChamlaVic in WordPress Plugin Wish To Go versions = 0.5.2...

CVSS 6.4, AI score 5.7, EPSS 0.00016
Exploits 0, References 1, Affected Software 1