61 matches found
CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
@abtnode/analytics (>=1.16.13 <=1.17.12-beta-20260422-093007-b389a838), @abtnode/auth (>=1.3.13 <=1.17.12-beta-20260422-093007-b389a838) +209 more potentially affected by CVE-2026-32689 via phoenix (>=1.7.10 <=1.7.21)
phoenix NPM version =1.7.10, =1.16.13, =1.3.13, =1.1.12, =1.6.23, =1.16.6, =1.0.0, =1.16.33, =1.0.0, =1.0.35, =1.16.33, =1.0.2, =1.16.33, =1.16.33, =1.0.0, =1.17.12-beta-20260422-093007-b389a838 and more Source cves: CVE-2026-32689 Source advisory: SNYK:JS-PHOENIX-16425773...
EUVD-2012-1061
Malware in sbrugna...
EUVD-2011-2904
Malware in sbrugna...
EUVD-2025-27653
Malicious code in bioql PyPI...
CVE-2025-9627 Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update
The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirlpluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings includi...
WordPress Run Log plugin <= 1.7.10 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Claw.k in WordPress Plugin Run Log versions <= 1.7.10...
WordPress plugin Run Log Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Linux Distros Unpatched Vulnerability : CVE-2024-7625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation...
CVE-2023-26861
SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet module...
CVE-2025-0281 Stored Cross-Site Scripting (XSS) in lunary-ai/lunary
A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/lunary versions 1.6.7 and earlier. An attacker can inject malicious JavaScript into the SAML IdP XML metadata, which is used to generate the SAML login redirect URL. This URL is then set as the value of window.location.href witho...
BIT-VAULT-2022-25244
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...
CVE-2023-45375
In the module "PireosPay" pireospay before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via PireosPayValidationModuleFrontController::postProcess...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop PireosPay versions prior to 1.7.10 that stems from the presenc...
PT-2023-29532 · Pireospay +1 · Pireospay +1
Name of the Vulnerable Software and Affected Versions: PireosPay versions prior to 1.7.10 Description: A SQL injection issue exists in the PireosPay module for PrestaShop, where a guest can perform SQL injection via the PireosPayValidationModuleFrontController::postProcess function...
Remote code execution
Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStream.readObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
CVE-2023-38689 Deserialization of Untrusted Data in network IO
Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStream.readObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
CVE-2023-23833
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steven Henty Drop Shadow Boxes plugin <= 1.7.10 versions...
CVE-2023-23833 WordPress Drop Shadow Boxes Plugin <= 1.7.10 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steven Henty Drop Shadow Boxes plugin <= 1.7.10 versions...