611 matches found
LogDash Activity Log <= 1.1.3 - SQL Injection
The LogDash Activity Log plugin for WordPress is vulnerable to SQL Injection via the username parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
@antv/chart-advisor (>=1.0.0 <=1.1.7), @opd/ava (=1.0.0) +1 more potentially affected by unknown CVE via @antv/knowledge (=1.1.4)
@antv/knowledge NPM version =1.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/knowledge and may be impacted: - @antv/chart-advisor =1.0.0, =1.0.0, =1.0.10 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4032...
CVE-2021-47954
LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the searchquery parameter. Attackers can send POST requests to /search.php with malicious searchquery values using CASE WHEN statements to extra...
VulnCheck KEV: CVE-2025-4606
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it...
CVE-2026-40980
In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
EUVD-2026-26013
In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
CVE-2026-40978
SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
CVE-2026-40967
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
PT-2026-35687
SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
PT-2026-35667
Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.5 Spring AI versions 1.1.0 through 1.1.4 Description Various FilterExpressionConverter implementations fail to properly escape keys and values when translating filter expression objects into specific vector...
org.springframework.ai:spring-ai-starter-vector-store-gemfire (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-gemfire-store (>=1.1.0-M1 <=1.1.4)
org.springframework.ai:spring-ai-gemfire-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321389...
com.thecookiezen:archiledger-core (>=0.0.4 <=0.0.5), org.springframework.ai:spring-ai-starter-model-transformers (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40979 via org.springframework.ai:spring-ai-autoconfigure-model-transformers (>=1.1.0-M1 <=1.1.4)
org.springframework.ai:spring-ai-autoconfigure-model-transformers MAVEN version =1.1.0-M1, =0.0.4, =1.1.0, =1.1.4 Source cves: CVE-2026-40979 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316420...
org.springframework.ai:spring-ai-starter-vector-store-mongodb-atlas (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-mongodb-atlas-store (>=1.1.0-M1 <=1.1.4)
org.springframework.ai:spring-ai-mongodb-atlas-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321392...
org.springframework.ai:spring-ai-starter-vector-store-typesense (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-typesense-store (>=1.1.0-M1 <=1.1.4)
org.springframework.ai:spring-ai-typesense-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321396...
Malicious code in frank-research-poc-apple (npm)
Source: amazon-inspector 216e5eb321826d85c29f23b333d509a469f138b5317a41b818da919bc9bf9c47 The package frank-research-poc-apple was found to contain malicious code. Source: ossf-package-analysis...
WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hivesec in WordPress Plugin WP Sessions Time Monitoring Full Automatic versions <= 1.1.4...
CVE-2026-40737 WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects COMPE: from n/a through <= 1.1.4...
CVE-2026-40737
The CVE concerns WordPress COMPE plugin