
24 matches found

NVD
added 2026/05/08 2:16 p.m. · 5 views

CVE-2026-41496

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase,...

8.1 CVSS · 0.00014 EPSS
Exploits: 1 · References: 1
NVD
added 2026/05/08 2:16 p.m. · 4 views

CVE-2026-41497

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...

9.8 CVSS · 0.00104 EPSS
Exploits: 1 · References: 2
Tenable Nessus
added 2026/05/06 12:0 a.m. · 3 views

RHCOS 4 : OpenShift Container Platform 4.6.9 (RHSA-2020:5615)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5615 advisory. - lldpd: buffer overflow in the lldpdecode function in daemon/protocols/lldp.c (CVE-2015-8011). Note that Nessus has not tested for this issue b...

9.8 CVSS · 6 AI score · 0.05555 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2026/04/17 12:0 a.m. · 2 views

PT-2026-37122

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.6.9. Description: Insufficient command handling in the parse mcp command function allows for arbitrary code execution. The function fails to implement a command allowlist or argument validation, enabling executables...

9.8 CVSS · 6.3 AI score · 0.00104 EPSS
Exploits: 1 · References: 9
Positive Technologies
added 2026/04/17 12:0 a.m. · 7 views

PT-2026-37121

Name of the Vulnerable Software and Affected Versions: praisonai versions prior to 4.6.9; praisonaiagents versions prior to 1.6.9. Description: Multiple backends in the multi-agent teams system fail to validate input, leading to arbitrary SQL execution. Specifically, nine backends—MySQL, PostgreSQL,...

8.1 CVSS · 6 AI score · 0.00014 EPSS
Exploits: 1 · References: 9
NVD
added 2026/02/19 9:16 a.m. · 2 views

CVE-2026-25308

Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Membership: from n/a through <= 4.6.9...

4.3 CVSS · 0.00039 EPSS
Exploits: 0 · References: 1
Cvelist
added 2026/02/19 8:26 a.m. · 28 views

CVE-2026-25308 WordPress Simple Membership plugin <= 4.6.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Membership: from n/a through <= 4.6.9...

4.3 CVSS · 0.00039 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2026/02/19 12:0 a.m. · 4 views

PT-2026-20681

Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Membership: from n/a through <= 4.6.9...

5.5 AI score · 0.00039 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/11/07 5:32 p.m. · 1 views

CVE-2025-53286

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhainey Milevis Dropify wc-dropi-integration allows Reflected XSS. This issue affects Dropify: from n/a through <= 4.7.2...

7.1 CVSS · 5.9 AI score · 0.00031 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/05/02 12:0 a.m. · 2 views

WordPress plugin WP ULike security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.4 CVSS · 6 AI score · 0.00196 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2024/05/02 12:0 a.m. · 3 views

PT-2024-18315 · WordPress · Wp Ulike

Name of the Vulnerable Software and Affected Versions: WP ULike – Most Advanced WordPress Marketing Toolkit plugin versions up to, and including, 4.6.9. Description: The issue allows authenticated attackers with contributor-level access and above to perform SQL Injection via the status and id...

8.8 CVSS · 7.3 AI score · 0.00505 EPSS
Exploits: 0 · References: 5
Patchstack
added 2024/04/29 12:0 a.m. · 7 views

WordPress WP ULike Plugin <= 4.6.9 is vulnerable to Cross Site Scripting (XSS)

Software: WP ULike · Type: Plugin · Vulnerable versions: <= 4.6.9 · Fixed in: 4.7.0 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-1759 · Patch priority: Medium · CVSS severity: Medium (6.5) · Developer: Claim ownership · PSID: db48c23d8083 · Credits: stealthcopter · Required...

6.4 CVSS · 5.6 AI score · 0.00196 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Tenable Nessus
added 2024/04/27 12:0 a.m. · 16 views

RHEL 7 : CloudForms 4.6.9 (RHSA-2019:0600)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0600 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments...

7.5 CVSS · 6.5 AI score · 0.00791 EPSS
Exploits: 1 · References: 11
OSV
added 2024/03/21 2:51 a.m. · 0 views

CVE-2024-0966

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like 'infotext'. This makes it possible for...

5.4 CVSS · 7.4 AI score
Exploits: 0 · References: 3
NVD
added 2024/03/21 2:50 a.m. · 11 views

CVE-2023-6500

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as 'secondarycolor' and 'maincolor'...

6.4 CVSS · 5.7 AI score · 0.00157 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/03/21 12:0 a.m. · 1 views

WordPress Plugin Shariff Wrapper security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

6.4 CVSS · 7.5 AI score · 0.00157 EPSS
Exploits: 0 · References: 3
CNNVD
added 2024/03/21 12:0 a.m. · 2 views

WordPress Plugin Shariff Wrapper security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

6.4 CVSS · 7.6 AI score · 0.00183 EPSS
Exploits: 0 · References: 4
Patchstack
added 2024/03/12 12:0 a.m. · 5 views

WordPress Shariff Wrapper Plugin <= 4.6.9 is vulnerable to Cross Site Scripting (XSS)

Software: Shariff Wrapper · Type: Plugin · Vulnerable versions: <= 4.6.9 · Fixed in: 4.6.10 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-0966 · Patch priority: Low · CVSS severity: Low (6.5) · Developer: Claim ownership · PSID: 32b0d6ace355 · Credits: Muhammad Daffa · Required...

6.4 CVSS · 5.8 AI score · 0.00183 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Prion
added 2023/12/25 7:15 a.m. · 12 views

Code injection

An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible...

5 CVSS · 7.4 AI score · 0.00179 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2023/10/20 8:15 a.m. · 1 views

CVE-2021-4334

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpdupdateoptions function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissio...

8.8 CVSS · 5.6 AI score · 0.00141 EPSS
Exploits: 0 · References: 2