CVE-2026-9521

A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/stdsmartptr.h. Such manipulation leads to improper validation of specified type of input. It is possible to launch the attack remotely. The...

CVE-2026-9521 fraillt bitsery std_smart_ptr.h loadFromSharedState improper validation of specified type of input

A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/stdsmartptr.h. Such manipulation leads to improper validation of specified type of input. It is possible to launch the attack remotely. The...

CVE-2026-25008

Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through = 5.2.5...

PT-2026-20678

Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through = 5.2.5...

WordPress plugin LatePoint 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.5 - Cross-Site Request Forgery vulnerability

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin = 5.2.5 - Cross-Site Request Forgery vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin LatePoint versions = 5.2.5...

CVE-2026-0617

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

EUVD-2026-5287

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress plugin LatePoint 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

BearShare Lite security vulnerability

BearShare Lite is a peer-to-peer file sharing software developed by the BearShare company. Version 5.2.5 of BearShare Lite contains a security vulnerability, which stems from a buffer overflow in the advanced search keyword input field, potentially allowing for the execution of arbitrary code...

CVE-2026-22589

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without...

CVE-2026-22589

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without...

CVE-2026-22589

CVE-2026-22589 affects Spree (Rails e-commerce); unauthenticated IDOR allows access to guest address data. Affected: Spree versions before 4.10.2, 5.0.7, 5.1.9, and 5.2.5. Patch/mitigation: upgrade to 4.10.2+, 5.0.7+, 5.1.9+, or 5.2.5+. Root cause cited as faulty authorization (CanCanCan) leading...

CVE-2026-22589 Spree API has Unauthenticated IDOR - Guest Address

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without...

Spree 安全漏洞

Spree is an open source shopping mall using Ruby on Rails for individual developers. A security vulnerability exists in Spree versions prior to 4.10.2, 5.0.7, 5.1.9, and 5.2.5, which stems from an insecure direct object reference by an authenticated user that could lead to obtaining other users'...

CVE-2025-65108

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process o...

CVE-2025-65108

CVE-2025-65108 affects the md-to-pdf CLI (Markdown to PDF) where parsing front matter with a JavaScript delimiter can trigger the gray-matter JS engine to execute arbitrary code during the conversion process, enabling remote code execution. This vulnerability exists in versions prior to 5.2.5 and...

EUVD-2021-19430

Malware in sbrugna...

EUVD-2007-6009

Malware in sbrugna...

EUVD-2023-48171

Malicious code in bioql PyPI...