40 matches found

ATTACKERKB
added 2026/05/02 1:15 p.m. | 0 views

CVE-2026-7630

A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component Installation Endpoint. The manipulation leads to improper authentication. Remote...

7.5 CVSS | 6.3 AI score | 0.00125 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2026/05/02 1:15 p.m. | 27 views

CVE-2026-7630 innocommerce InnoShop Installation Endpoint InstallServiceProvider.php boot improper authentication

A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component Installation Endpoint. The manipulation leads to improper authentication. Remote...

7.5 CVSS | 0.00125 EPSS
Exploits: 0 | References: 7

RedhatCVE
added 2026/04/28 6:35 p.m. | 3 views

CVE-2026-7040

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for minify...

7.5 CVSS | 5.9 AI score | 0.00054 EPSS
Exploits: 0 | References: 1

Patchstack
added 2026/04/20 10:32 a.m. | 2 views

WordPress Restaurant Zone theme <= 0.7.8 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Restaurant Zone versions <= 0.7.8...

5.8 AI score
Exploits: 0 | Affected Software: 1

SUSE CVE
added 2026/03/28 12:24 a.m. | 3 views

SUSE CVE-2026-33620

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...

4.3 CVSS | 5.9 AI score | 0.00091 EPSS
Exploits: 1 | References: 3

OSV
added 2026/03/24 7:33 p.m. | 0 views

GHSA-MRQC-3276-74F8 PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems

Summary: PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through request URIs recorded by intermediaries or client-side tooling, such as reverse proxy...

4.3 CVSS | 5.8 AI score | 0.00091 EPSS
Exploits: 1 | References: 4

OSV
added 2026/03/05 2:16 a.m. | 2 views

AZL-79283 CVE-2026-3381 affecting package optipng 0.7.8-5

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. The includes fixes for...

9.8 CVSS | 5.7 AI score | 0.00041 EPSS
Exploits: 0 | References: 1

OSV
added 2025/11/25 12:15 a.m. | 0 views

AZL-70883 CVE-2025-64720 affecting package optipng 0.7.8-5

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALP...

7.1 CVSS | 6.4 AI score | 0.00079 EPSS
Exploits: 4 | References: 1

vulnersOsv
added 2025/11/24 11:14 p.m. | 1 views

@balalarast/vue-bottom-sheet (>=0.0.1 <=0.4.1), @nova-org/components (>=0.0.1-next.0 <=0.0.1-next.3) +3 more potentially affected by unknown CVE via @oku-ui/primitives (=0.7.8)

@oku-ui/primitives NPM version =0.7.8 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/primitives and may be impacted: - @balalarast/vue-bottom-sheet =0.0.1, =0.0.1-next.0, =0.4.0, =0.0.1, =0.2.1 - @phoenix-cg/vue-bottom-sheet =0.4.2 Source cves...

5.8 AI score
Exploits: 0

OSV
added 2025/09/11 1:15 a.m. | 3 views

CVE-2025-6088

In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they...

3.1 CVSS | 7 AI score
Exploits: 0 | References: 2

Cvelist
added 2025/09/11 12:43 a.m. | 6 views

CVE-2025-6088 Improper Authorization in danny-avila/librechat

In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they...

4.2 CVSS | 0.0005 EPSS
Exploits: 1 | References: 2

CVE
added 2025/09/11 12:43 a.m. | 14 views

CVE-2025-6088

CVE-2025-6088 affects danny-avila/librechat. In version 0.7.8, improper authorization on the conversation sharing endpoint /api/share/conversationID allows a logged-in user to read other users’ conversations when the conversation ID is known. UUIDv4 IDs are server-side but can leak via logs, hist...

4.2 CVSS | 4.9 AI score | 0.0005 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2025/09/11 12:0 a.m. | 3 views

LibreChat authorization issue vulnerability

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. An authorization issue vulnerability exists in LibreChat version 0.7.8, which stems from improper authorization controls for the conversation sharing feature and could lead to unauthorized access to other users' conversatio...

4.2 CVSS | 4.7 AI score | 0.0005 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/04/26 5:57 p.m. | 13 views

CVE-2025-46462

Cross-Site Request Forgery (CSRF) vulnerability in Trân Minh-Quân WPVN wpvn-username-changer allows Cross Site Request Forgery. This issue affects WPVN: from n/a through = 0.7.8...

4.3 CVSS | 7.2 AI score | 0.00154 EPSS
Exploits: 0 | References: 1

NVD
added 2025/04/24 4:15 p.m. | 5 views

CVE-2025-46462

Cross-Site Request Forgery (CSRF) vulnerability in Trân Minh-Quân WPVN wpvn-username-changer allows Cross Site Request Forgery. This issue affects WPVN: from n/a through = 0.7.8...

4.3 CVSS | 0.00154 EPSS
Exploits: 0 | References: 1

NVD
added 2023/05/26 1:15 p.m. | 6 views

CVE-2023-24008

Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions...

8.8 CVSS | 5.8 AI score | 0.00079 EPSS
Exploits: 0 | References: 1

CNNVD
added 2023/05/26 12:0 a.m. | 1 views

WordPress plugin Maspik – Spam Blacklist cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

8.8 CVSS | 7.7 AI score | 0.00079 EPSS
Exploits: 0 | References: 2

Patchstack
added 2023/02/27 12:0 a.m. | 8 views

WordPress Maspik – Spam blacklist Plugin <= 0.7.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Maspik – Spam blacklist; Type: Plugin; Vulnerable versions: <= 0.7.8; Fixed in: 0.7.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-24008; Patch priority: Low; CVSS severity: Low (4.3); Developer: Yonifre; PSID: 06c51ed7d4f7; Credits: Mika; Required...

8.8 CVSS | 7 AI score | 0.00079 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

SUSE CVE
added 2023/02/15 6:5 a.m. | 2 views

SUSE CVE-2008-6514

The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920...

6.2 CVSS | 6.4 AI score | 0.00049 EPSS
Exploits: 1 | References: 4

vulnersOsv
added 2022/05/24 5:12 p.m. | 1 views

cfsshtunnel (>=0.1.7 <=0.2.1), click-reviewers-tools (>=0.70.0 <=0.84.0) +2 more potentially affected by CVE-2019-15795 via python-apt (=0.7.8)

python-apt PYPI version =0.7.8 is affected by a known vulnerability. The following packages have a transitive dependency on python-apt and may be impacted: - cfsshtunnel =0.1.7, =0.70.0, =0.84.0 - craft-parts =1.19.8 - plex-updater =0.1.0 Source cves: CVE-2019-15795 Source advisory:...

4.7 CVSS | 5.8 AI score | 0.00184 EPSS
Exploits: 0