570 matches found

NVD
added 2 days ago, 9 views

CVE-2026-42676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5 CVSS, 0.00033 EPSS
Exploits 0, References 1

AstraLinux
added 2026/05/20 5:53 a.m., 9 views

Astra Linux - vulnerability in ruby-sinatra

Sinatra is a domain-specific language for creating web applications in Ruby. A vulnerability was discovered in Sinatra 2.0 before version 2.2.3 and 3.0 before version 3.0.4. The application is vulnerable to a reflected file download (RFD) attack, which causes the Content-Disposition header of a...

8.8 CVSS, 6.8 AI score, 0.00356 EPSS
Exploits 1, References 2

vulnersOsv
added 2026/05/19 12:0 a.m., 10 views

1g6table (=0.1.0), 7qb (=0.0.17) +1349 more potentially affected by unknown CVE via @antv/matrix-util (>=3.0.4 <=3.1.0-beta.3)

@antv/matrix-util NPM version =3.0.4, =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =0.9.1, =1.0.0, =0.2.0, =1.1.15, =1.0.4, =2.1.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4067...

5.8 AI score
Exploits 0

Patchstack
added 2026/05/15 7:46 p.m., 5 views

WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by thevietronin in WordPress Plugin myCred versions <= 3.0.4...

6.5 CVSS, 5.8 AI score, 0.00033 EPSS
Exploits 0, Affected Software 1

Patchstack
added 2026/03/30 9:3 a.m., 1 views

WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter vulnerability

WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin JS Help Desk versions <= 3.0.4...

7.5 CVSS, 6 AI score, 0.00112 EPSS
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2026/03/26 3:10 p.m., 2 views

CVE-2026-32881

ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9...

5.3 CVSS, 5.8 AI score, 0.0009 EPSS
Exploits 1, References 1

Cvelist
added 2026/03/26 1:26 p.m., 20 views

CVE-2026-2511 JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the multiformid parameter in the storeTickets function in all versions up to, and including, 3.0.4. This is due to the user-supplied multiformid value being passed to esc_sql without...

7.5 CVSS, 0.00112 EPSS
Exploits 0, References 5

Vulnrichment
added 2026/03/20 1:18 a.m., 0 views

CVE-2026-32881 ewe has an Overly Permissive List of Allowed Inputs

ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9...

5.3 CVSS, 5.8 AI score, 0.0009 EPSS
Exploits 1, References 4

CVE
added 2026/03/20 1:13 a.m., 4 views

CVE-2026-32873

CVE-2026-32873 affects the Gleam-based web server ewe (versions 0.8.0–3.0.4). The bug in handle_trailers causes an infinite loop when encountering rejected trailers by recursively re-parsing the same header (using rest) instead of advancing past it (Buffer(header_rest, 0)). This leads to a perman...

7.5 CVSS, 6 AI score, 0.00022 EPSS
Exploits 1, References 3, Affected Software 1

CNNVD
added 2026/03/20 12:0 a.m., 2 views

ewe security vulnerability

ewe is a lightweight web server build package developed by Vladislav Shakitskiy. Versions of ewe 3.0.4 and earlier contained security vulnerabilities; these vulnerabilities stemmed from an infinite loop in the handle_trailers function, which could lead to a denial-of-service attack...

7.5 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits 1, References 3

CBLMariner
added 2026/03/12 7:17 p.m., 3 views

CVE-2026-1761 affecting package libsoup for versions less than 3.0.4-13

CVE-2026-1761 affecting package libsoup for versions less than 3.0.4-13. A patched version of the package is available...

8.6 CVSS, 6 AI score, 0.01174 EPSS
Exploits 0

CBLMariner
added 2026/03/12 7:17 p.m., 3 views

CVE-2026-1801 affecting package libsoup for versions less than 3.0.4-13

CVE-2026-1801 affecting package libsoup for versions less than 3.0.4-13. A patched version of the package is available...

6.5 CVSS, 7.1 AI score, 0.00029 EPSS
Exploits 0

CBLMariner
added 2026/03/12 7:17 p.m., 3 views

CVE-2026-1467 affecting package libsoup for versions less than 3.0.4-13

CVE-2026-1467 affecting package libsoup for versions less than 3.0.4-13. A patched version of the package is available...

5.8 CVSS, 6 AI score, 0.00074 EPSS
Exploits 1

CBLMariner
added 2026/03/09 2:32 p.m., 1 views

CVE-2026-0716 affecting package libsoup for versions less than 3.0.4-12

CVE-2026-0716 affecting package libsoup for versions less than 3.0.4-12. A patched version of the package is available...

4.8 CVSS, 5.8 AI score, 0.00071 EPSS
Exploits 0

NVD
added 2026/02/20 4:22 p.m., 2 views

CVE-2025-69388

Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4...

6.5 CVSS, 0.00042 EPSS
Exploits 0, References 1

CVE
added 2026/02/20 3:46 p.m., 4 views

CVE-2025-69388

CVE-2025-69388 affects WordPress Cliengo – Chatbot plugin

6.5 CVSS, 5.5 AI score, 0.00042 EPSS
Exploits 0, References 1

Cvelist
added 2026/02/20 3:46 p.m., 19 views

CVE-2025-69388 WordPress Cliengo – Chatbot plugin <= 3.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4...

6.5 CVSS, 0.00042 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/02/20 1:26 p.m., 2 views

CVE-2026-23545

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4...

6.5 CVSS, 5.5 AI score, 0.0004 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/02/20 12:0 a.m., 2 views

PT-2026-21169

Name of the Vulnerable Software and Affected Versions: Cliengo – Chatbot versions through 3.0.4. Description: An authorization issue exists in Cliengo – Chatbot, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update Cliengo – Chatbot to a version...

5.3 AI score, 0.00042 EPSS
Exploits 0, References 3

CNNVD
added 2026/02/20 12:0 a.m., 3 views

WordPress plugin Cliengo security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits 0, References 1