247 matches found
CVE-2026-33347
league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...
@0dotxyz/p0-ts-sdk (>=2.1.1 <=2.2.0-alpha.4), @1stg/app-config (>=4.0.0 <=9.0.1) +2366 more potentially affected by CVE-2026-33532 via yaml (>=2.0.0 <=2.8.2)
yaml NPM version =2.0.0, =2.1.1, =4.0.0, =4.2.0, =6.0.0, =0.0.3, =1.0.0, =7.0.0, =0.1.0-alpha.1, =0.24.1-20230627140514, =0.25.1-20250326172337, =0.24.1-20230627140514, =3.25.5, =3.10.2-20230627150207, =3.14.1-20230608124329, =3.32.1 and more Source cves: CVE-2026-33532 Source advisory:...
EUVD-2026-15679
Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through 2.8.2...
CVE-2026-25358
Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through 2.8.2...
CVE-2026-25358 WordPress Meloo theme < 2.8.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through 2.8.2...
CVE-2026-25358
The CVE-2026-25358 entry covers a PHP object-injection vulnerability in the WordPress Meloo theme, affecting Meloo versions prior to 2.8.2. Root cause: deserialization of untrusted data could lead to object injection. Impact as stated includes high confidentiality, integrity, and availability con...
WordPress plugin Meloo 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-27919
Name of the Vulnerable Software and Affected Versions rascals Meloo versions prior to 2.8.2 Description An issue exists in rascals Meloo related to the deserialization of untrusted data, which allows for object injection. The deserialization process does not properly validate the incoming data,...
UBUNTU-CVE-2026-33347
league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...
CVE-2026-33347 league/commonmark has an embed extension allowed_domains bypass
league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...
CVE-2026-33347
Summary: CVE-2026-33347 affects league/commonmark’s Embed extension DomainFilteringAdapter. A missing hostname boundary assertion in the domain-matching regex allows an attacker-controlled domain (e.g., youtube.com.evil) to bypass the allowlist, potentially treating untrusted content as allowed. ...
WordPress Meloo theme < 2.8.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Meloo versions 2.8.2...
Server-side Request Forgery (SSRF)
Overview league/commonmark is a PHP-based Markdown parser which supports the full CommonMark spec. It is based on the CommonMark JS reference implementation. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DomainFilteringAdapter process. An attacker ca...
Malicious code in zip.js-2.8.2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10faa984dcce106c0df9aa067d4df43300087a73598df5ef841c874d9b507042 The package zip.js-2.8.2 was found to contain malicious code...
MAL-2026-1881 Malicious code in zip.js-2.8.2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10faa984dcce106c0df9aa067d4df43300087a73598df5ef841c874d9b507042 The package zip.js-2.8.2 was found to contain malicious code...
WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie vulnerability
WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie vulnerability discovered by WordFence in WordPress Plugin JS Help Desk versions = 2.8.2...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Tuzitio Camaleon_Cms
CVE-2024-46987 — Camaleon CMS Arbitrary Path Traversal Fo...
CVE-2025-67984
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...
WordPress plugin NPS computy 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
cn.datask:dat-adapter-duckdb (>=0.6.1 <=0.7.1), cn.datask:dat-adapter-mysql (>=0.6.1 <=0.7.1) +158 more potentially affected by CVE-2026-25526 via com.hubspot.jinjava:jinjava (>=2.8.0 <=2.8.2)
com.hubspot.jinjava:jinjava MAVEN version =2.8.0, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.7.0, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.7.1 and more Source cves: CVE-2026-25526 Source advisory: SNYK:JAVA-COMHUBSPOTJINJAVA-15189006...