21 matches found
CVE-2026-7237
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...
PT-2026-26464
Name of the Vulnerable Software and Affected Versions: phpseclib versions 1.0.26 and below; phpseclib versions 2.0.0 through 2.0.51; phpseclib versions 3.0.0 through 3.0.49. Description: phpseclib is a PHP secure communications library. Projects utilizing the affected versions are susceptible to a...
CVE-2025-62144
Missing Authorization vulnerability in Mohammed Kaludi Core Web Vitals & PageSpeed Booster core-web-vitals-pagespeed-booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Core Web Vitals & PageSpeed Booster: from n/a through <= 1.0.28...
CVE-2025-62144 WordPress Core Web Vitals & PageSpeed Booster plugin <= 1.0.28 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mohammed Kaludi Core Web Vitals & PageSpeed Booster core-web-vitals-pagespeed-booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Core Web Vitals & PageSpeed Booster: from n/a through <= 1.0.28...
WordPress Core Web Vitals & PageSpeed Booster plugin <= 1.0.28 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Core Web Vitals & PageSpeed Booster versions <= 1.0.28...
CVE-2025-61119
Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...
Kanova Android App security vulnerability
Kanova Android App is a social group application by Kanova. A security vulnerability exists in Kanova Android App version 1.0.27, which stems from improper access control and could lead to unauthorized access to user details and obtain group information...
EUVD-2023-37381
Malicious code in bioql PyPI...
EUVD-2024-34018
Malicious code in bioql PyPI...
CVE-2024-11275
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes...
WordPress plugin WP Timetics security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-22731 · Tablesome · Tablesome
Name of the Vulnerable Software and Affected Versions: Table & Contact Form 7 Database – Tablesome versions 1.0.0 through 1.0.27 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Reflected XSS, which c...
WordPress Plugin Image Optimizer by 10web cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-33211
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in André Bräkling WP-Matomo Integration (WP-Piwik) plugin <= 1.0.27 versions...
WordPress plugin WP-Matomo Integration cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Image Optimizer by 10web Plugin < 1.0.27 is vulnerable to Cross Site Scripting (XSS)
Software: Image Optimizer by 10web; Type: Plugin; Vulnerable versions: < 1.0.27; Fixed in: 1.0.27; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2122; Patch priority: High; CVSS severity: High (7.1); PSID: b135df868a4f; Credits: Phạm Ngọc Khá...
Debian DLA-2418-1 : libsndfile security update
Several issues have been found in libsndfile, a library for reading/writing audio files. All issues are basically divide by zero errors, heap read overflows or other buffer overflow errors. For Debian 9 stretch, these problems have been fixed in version 1.0.27-3+deb9u1. We recommend that you upgra...
WordPress Rank Math SEO Plugin <= 1.0.27 Authentication Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rankmath:seo"; if(description)...
Information disclosure
The Gulf Coast Educators FCU aka com.metova.cuae.gcefcu application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
tarsnap -- cryptographic nonce reuse
Colin Percival reports: In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value is not incremented after each chunk is encrypted. The CTR counter is correctly incremented after each 16 bytes of data was processed, but this counter is reset to zero for each new chunk. Note that since the...