305 matches found
CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
GHSA-RW47-HM26-6WR7 CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests
Summary: The CrowdSec AppSec component fails to read the HTTP request body for any request whose Content-Length is not positive — most notably HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests sent without a content-length header. Coraza is then evaluated against an empty body...
CVE-2026-44429
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / (file internal/api/handlers/v0/uiindex.html) is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published...
CVE-2026-44429 MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / (file internal/api/handlers/v0/uiindex.html) is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published...
CVE-2026-44430
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification (POST /v0/auth/http, POST /v0.1/auth/http) uses safeDialContext (internal/api/handlers/v0/auth/http.go:67-110) to refuse dialling...
CVE-2026-39882 affecting package moby-containerd-cc for versions less than 1.7.7-11
CVE-2026-39882 affecting package moby-containerd-cc for versions less than 1.7.7-11. A patched version of the package is available...
CVE-2026-25351
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyMedi mymedi allows Reflected XSS. This issue affects MyMedi: from n/a through 1.7.7...
CVE-2026-32415
Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal. This issue affects Squeeze: from n/a through = 1.7.7...
EUVD-2026-15666
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyMedi mymedi allows Reflected XSS. This issue affects MyMedi: from n/a through 1.7.7...
CVE-2026-25351 WordPress MyMedi theme < 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyMedi mymedi allows Reflected XSS. This issue affects MyMedi: from n/a through 1.7.7...
CVE-2026-25351
The CVE-2026-25351 entry concerns the WordPress theme MyMedi (MyMedi) with a Reflected Cross-Site Scripting flaw in MyMedi up to version 1.7.7, caused by improper input neutralization during web page generation. The Wordfence report confirms affected software as MyMedi
PT-2026-27912
Name of the Vulnerable Software and Affected Versions: MyMedi versions prior to 1.7.7. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to inject malicious...
WordPress MyMedi theme < 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme MyMedi versions 1.7.7...
UTT HiPER 810G Security Vulnerability
UTT HiPER 810G is a firewall router produced by UTT Corporation. Versions of UTT HiPER 810G prior to 1.7.7-171114 contained security vulnerabilities. These vulnerabilities were caused by incorrect operations on the parameter loadBalanceNameOld in the file /goform/formApLbConfig, which could lead t...