950 matches found

Patchstack
added 6 days ago, 8 views

WordPress StatCounter – Free Real Time Visitor Stats plugin <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin StatCounter versions <= 2.1.1...

CVSS 6.4, AI score 5.8, EPSS 0.00036
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 6 days ago, 3 views

PT-2026-44751

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1. This is due to insufficient output escaping on the post author's nickname in the statcounter addToTags function. The function is hooked to wp he...

CVSS 6.4, AI score 6, EPSS 0.00036
Exploits 0, References 7

OSV
added 2026/05/25 9:16 p.m., 2 views

UBUNTU-CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

CVSS 5.4, AI score 5.9, EPSS 0.00119
Exploits 0, References 5

UbuntuCve
added 2026/05/25 9:16 p.m., 3 views

CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

CVSS 6.5, AI score 5.8, EPSS 0.00067
Exploits 0, References 4

CVE
added 2026/05/25 8:19 p.m., 12 views

CVE-2026-43827

CVE-2026-43827 affects Apache Shiro. In affected versions (1.0–2.1.0 and 3.0.0-alpha-1), an existing session is not invalidated nor a new session with a new ID issued after login, enabling session fixation. Upgraded fixes are available in 2.1.1 and 3.0.0-alpha-2 or later; apply the patch to mitig...

CVSS 6.5, AI score 5.8, EPSS 0.00067
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2026/05/23 1:0 p.m., 5 views

CVE-2026-9301 omec-project amf NGReset Message memory corruption

A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be use...

CVSS 6.5, AI score 6, EPSS 0.00052
Exploits 0, References 6

CNNVD
added 2026/05/23 12:0 a.m., 3 views

amf buffer error vulnerability

AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability, which stems from unknown parts of the NGSetupRequest Handler component, potentially leading to memory corruption...

CVSS 6.5, AI score 6.7, EPSS 0.00052
Exploits 0, References 6

Tenable Nessus
added 2026/05/22 12:0 a.m., 7 views

Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016708 advisory. A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker t...

CVSS 6.5, AI score 6.7, EPSS 0.00167
Exploits 0, References 4

Cvelist
added 2026/05/19 10:29 p.m., 26 views

CVE-2026-8493 Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting (XSS). This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

EPSS 0.00029
Exploits 0, References 1

CVE
added 2026/05/19 10:29 p.m., 9 views

CVE-2026-8493

CVE-2026-8493 affects the Drupal Colorbox Inline module. The issue arises because the module does not sufficiently sanitize the data-colorbox-inline attribute value passed to jQuery, enabling a Cross-Site Scripting (XSS) vulnerability. Affected versions are 0.0.0 through 2.1.0; remediation is to ...

CVSS 5.4, AI score 5.8, EPSS 0.00029
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2026/05/19 10:29 p.m., 5 views

CVE-2026-8493 Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting (XSS). This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

AI score 5.8, EPSS 0.00029
Exploits 0, References 1

vulnersOsv
added 2026/05/19 12:0 a.m., 3 views

@antv/g-web-components (>=2.0.0 <=2.1.1), @antv/g6-extension-3d (>=0.1.0 <=0.1.23) +1 more potentially affected by unknown CVE via @antv/g-webgl (>=2.0.0 <=2.1.1)

@antv/g-webgl NPM version =2.0.0, =2.0.0, =0.1.0, =1.0.2, =1.0.8 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3965...

AI score 5.8
Exploits 0

vulnersOsv
added 2026/05/19 12:0 a.m., 3 views

@agentscope-ai/chat (>=1.1.43 <=1.1.63-beta.1778041790294), @ant-design/charts (>=2.2.2 <=2.6.7) +72 more potentially affected by unknown CVE via @antv/g-svg (>=2.0.0 <=2.1.1)

@antv/g-svg NPM version =2.0.0, =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.1.0, =2.0.0, =2.0.0, =0.1.6, =0.1.0, =0.1.0, =1.2.0, =2.0.28, =0.0.18, =0.0.23 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3962...

AI score 5.8
Exploits 0

CNNVD
added 2026/05/19 12:0 a.m., 4 views

Drupal Colorbox Inline cross-site scripting vulnerability

Drupal Colorbox Inline is a Drupal pop-up display module developed by the Drupal company. Versions of Drupal Colorbox Inline prior to 2.1.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input validation during web page generation, which could lead to...

CVSS 5.4, AI score 5.6, EPSS 0.00029
Exploits 0, References 1

CVE
added 2026/05/14 8:24 a.m., 6 views

CVE-2026-6174

The CVE-2026-6174 issue affects the WordPress CC Child Pages plugin. All versions up to and including 2.1.1 are vulnerable to Stored Cross-Site Scripting via the 'more' parameter due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access and ...

CVSS 6.4, AI score 6, EPSS 0.00032
Exploits 0, References 2

CNNVD
added 2026/05/12 12:0 a.m., 7 views

amf buffer error vulnerability

AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability, which stems from issues with the NGAP Message Handler component. This vulnerability may lead to memory corruption...

CVSS 5.3, AI score 6, EPSS 0.00052
Exploits 0, References 1

Positive Technologies
added 2026/05/12 12:0 a.m., 7 views

PT-2026-39973

The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi adminpage function. This makes it possible for unauthenticated attackers to update the plugin's zawgyi...

CVSS 4.3, AI score 5.7, EPSS 0.00014
Exploits 0, References 6

CVE
added 2026/05/08 3:54 p.m., 6 views

CVE-2026-42028

CVE-2026-42028 affects novaGallery (a PHP image gallery). Prior to version 2.1.1, there is a path traversal vulnerability that allows unauthenticated users to read image files outside the intended gallery root. The issue has been patched in version 2.1.1. The CVSS 3.1 base score is 5.3 (Medium), ...

CVSS 5.3, AI score 5.7, EPSS 0.00112
Exploits 0, References 3

Cvelist
added 2026/05/08 3:54 p.m., 27 views

CVE-2026-42028 novaGallery: Unauthenticated Path Traversal in Album and Cached Image Routes Allows Reading Images Outside Gallery Root

novaGallery is a PHP image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1...

CVSS 5.3, EPSS 0.00112
Exploits 0, References 3

EUVD
added 2026/05/08 3:54 p.m., 5 views

EUVD-2026-28806

novaGallery is a PHP image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1...

CVSS 5.3, AI score 5.7, EPSS 0.00112
Exploits 0, References 3