Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

CVE-2026-10214

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

CVE-2026-10214 zhayujie chatgpt-on-wechat Bash Tool bash.py _get_safety_warning os command injection

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

CVE-2026-10214

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

PT-2026-45246

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function get safety warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit...

Astra Linux - уязвимость в klibc

A issue was discovered in klibc before version 2.0.9. Additions in the malloc function may lead to an integer overflow, followed by a heap buffer overflow...

@antv/ava (=3.6.0-alpha.0), @antv/g (>=6.0.0 <=6.2.1) +6 more potentially affected by unknown CVE via @antv/g-dom-mutation-observer-api (>=2.0.0 <=2.0.9)

@antv/g-dom-mutation-observer-api NPM version =2.0.0, =6.0.0, =0.5.9, =2.0.0, =1.2.5, =1.2.6 - expression-language-editor =0.0.4 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3918...

Unity Linux 20.1060e / 20.1070e Security Update: SDL (UTSA-2026-017561)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017561 advisory. SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMAADPCMnibble in audio/SDLwave.c. Tenable has extracted the preceding...

Unity Linux 20.1060e / 20.1070e Security Update: SDL (UTSA-2026-017566)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017566 advisory. SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMAADPCMdecode in audio/SDLwave.c. Tenable has extracted the...

Astra Linux - уязвимость в libsdl1.2, libsdl2

In SDLGetRGB in the video/SDLpixels.c file, there is a heap-based buffer over-read issue in versions from 1.2.15 up to 2.x, and from 2.0.9 onwards...

Astra Linux - уязвимость в libsdl1.2, libsdl2

In SDL Simple DirectMedia Layer, from versions 1.2.15 onward, as well as in versions 2.x through 2.0.9, there is a heap-based buffer over-read issue in the Map1toN function within the video/SDLpixels.c file...

Astra Linux - уязвимость в libsdl1.2, libsdl2

SDL Simple DirectMediaLayer from version 1.2.15 to 2.x, and from version 2.0.9 to 2.0.9, has a heap-based buffer overflow issue in the MSADPCMDecode function within audio/SDLwave.c...

Astra Linux - уязвимость в klibc

A issue was discovered in klibc before version 2.0.9. Multiplication operations within the calloc function may lead to integer overflows and subsequent heap buffer overflows...

Astra Linux - уязвимость в libsdl1.2, libsdl2

In SDL Simple DirectMediaLayer, from versions 1.2.15 onward, as well as in versions 2.x through 2.0.9, there is a heap-based buffer over-read issue in the InitIMAADPCM module of the audio/SDLwave.c file...

WordPress Responsive Blocks – Page Builder for Blocks & Patterns plugin 2.0.9-2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Modification vulnerability discovered by Even S in WordPress Plugin Responsive Blocks versions 2.0.9-2.2.1...

CVE-2026-0814

The CVE-2026-0814 entry concerns the WordPress plugin Advanced CF7 DB . A missing capability check in the function vsz_cf7_export_to_excel affects all versions up to and including 2.0.9 , enabling authenticated users with Subscriber-level access and above to export form submissions to Excel files...

PT-2026-31390

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz cf7 export to excel' function in all versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with Subscriber-level acces...

PT-2026-31389

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vsz cf7 save setting callback' function. This makes it possible for unauthenticated attackers t...

EUVD-2026-15691

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through 2.0.9...

CVE-2026-25371

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through 2.0.9...