CVE-2026-42300 DevGuard: Unauthenticated identity assertion via `X-Admin-Token` header

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...

CVE-2026-27706

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery SSRF vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

PT-2026-21941

Name of the Vulnerable Software and Affected Versions Plane versions prior to 1.2.2 Description Plane is an open-source project management tool. The ProjectAssetEndpoint.patch method in apps/api/plane/app/views/asset/v2.py lines 579–593 performs a global asset lookup using only the asset ID pk vi...

EUVD-2020-0540

Malware in sbrugna...

WordPress WP Directory Kit Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Directory Kit Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2279 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b8d81b5ec5ec Credits Lana Codes Required...