AffiliateImporterEb <= 1.0.6 - Reflected XSS

AffiliateImporterEb WordPress plugin through 1.0.6 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12732 info: name: AffiliateImporterEb =...

EUVD-2026-29400

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVE-2026-5715

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVE-2026-5715 Voyage Plus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post-content' Shortcode

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVE-2026-5715

The Voyage Plus WordPress plugin is vulnerable to Stored XSS via the class attribute of the post-content shortcode in all versions up to 1.0.6, caused by insufficient input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level access can inje...

WordPress Voyage Plus plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Voyage Plus versions = 1.0.6...

org.springframework.ai:spring-ai-starter-vector-store-milvus (>=1.0.0 <=1.0.6), plus.hiver:hiver-module-ai (=1.0.9) potentially affected by CVE-2026-41705 via org.springframework.ai:spring-ai-milvus-store (>=1.0.0 <=1.0.6)

org.springframework.ai:spring-ai-milvus-store MAVEN version =1.0.0, =1.0.0, =1.0.6 - plus.hiver:hiver-module-ai =1.0.9 Source cves: CVE-2026-41705 Source advisory: OSV:GHSA-V632-2M87-7469...

ai.driftkit:driftkit-clients-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-clients-spring-ai-starter (>=0.6.0 <=0.8.7) +445 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-model (>=1.0.0-M7 <=1.0.6)

org.springframework.ai:spring-ai-model MAVEN version =1.0.0-M7, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.7.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.6 and more Source cves: CVE-2026-41713 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624613...

parse-ini is vulnerable to Prototype Pollution in index.js()

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

EUVD-2025-209729

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

NPM: parse-ini is vulnerable to Prototype Pollution in index.js()

NPM: parse-ini is vulnerable to Prototype Pollution in index.js vulnerability discovered by ? in WordPress Npm parse-ini versions 1.0.6...

GHSA-X72J-HV9F-QQH4 parse-ini is vulnerable to Prototype Pollution in index.js()

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

parse-ini 安全漏洞

parse-ini is a INI configuration file parsing library developed by the individual developer at pein-consulting.de. Version 1.0.6 of parse-ini contains a security vulnerability, which stems from prototype pollution in the index.js file...

CVE-2025-63703

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

CVE-2025-63703

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

PT-2026-38452

Name of the Vulnerable Software and Affected Versions parse-ini version 1.0.6 Description The npm package is subject to Prototype Pollution within the index.js function. Prototype Pollution occurs when an attacker can manipulate the prototype of an object, potentially leading to altered applicati...

CVE-2025-63703

CVE-2025-63703 affects the npm package parse-ini v1.0.6 and is a Prototype Pollution vulnerability in index.js(). The accompanying metrics indicate a CRITICAL impact (CVSS 3.1: 9.8) with NETWORK attack vector, no privileges required, no user interaction, and high impact on confidentiality, integr...

CVE-2026-39668

Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through = 1.0.6...

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

EUVD-2026-26013

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...