95 matches found
CVE-2026-45435
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3...
CVE-2026-45435
CVE-2026-45435: A DOM-based XSS vulnerability affects the WordPress WP Activity Log plugin, specifically versions up to 5.6.3. The issue is described as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) in Melapress WP Activity Log, enabling DOM-based XSS. The...
123peterkim-minirpc (=0.0.1), @0x330a/wagmi-svelte5 (>=0.2.0 <=0.2.3) +1763 more potentially affected by CVE-2026-42570 via devalue (>=5.6.3 <=5.8.0)
devalue NPM version =5.6.3, =0.2.0, =0.0.1, =0.0.1, =0.0.1, =7.10.0, =7.10.0, =0.0.3, =0.2.0, =1.7.7, =2.0.6, =0.0.5, =16.0.0, =1.0.1, =1.1.19 and more Source cves: CVE-2026-42570 Source advisory: OSV:GHSA-77VG-94RM-HX3P...
CVE-2025-13480
Fudo Enterprise (versions 5.5.0–5.6.2) contains an authorization flaw where low-privileged users can access administrator-only API endpoints, exposing sensitive data such as system logs and parts of system configuration. Root cause: improper protection/authorization on API resources. Impact: pote...
CVE-2025-13480 Incorrect authorization in Fudo Enterprise
Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...
PT-2026-33742
Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...
@aabelmann/ui-layer (=0.0.1), @adinvadim/convex-vue (>=1.1.0 <=1.3.0) +742 more potentially affected by CVE-2026-30226 via devalue (>=4.0.1 <=5.6.3)
devalue NPM version =4.0.1, =1.1.0, =1.0.4, =1.0.0, =1.0.0, =1.0.0, =0.2.2, =0.2.2, =0.2.2, =0.3.0, =0.5.7, =0.0.1-beta.3, =0.0.1-alpha.1, =0.0.17, =0.0.18 and more Source cves: CVE-2026-30226 Source advisory: SNYK:JS-DEVALUE-15467451...
Allocation of Resources Without Limits or Throttling
Overview devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the uneval or stringify functions. An attack...
a-simple-llm-kit (>=0.3.0 <=0.4.2), a62-emotion (>=0.9.2 <=0.11.4) +3409 more potentially affected by CVE-2025-69872 via diskcache (>=2.4.1 <=5.6.3)
diskcache PYPI version =2.4.1, =0.3.0, =0.9.2, =0.1.0, =0.2.1, =0.3.4, =0.1.1, =0.3.3, =0.0.2, =20260210.0.0, =3.0.0, =0.2.0, =1.1.0 and more Source cves: CVE-2025-69872 Source advisory: OSV:GHSA-W8V5-VHQR-4H9V...
UBUNTU-CVE-2025-69872
DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...
CRMEB authorization issue vulnerability
CRMEB is an open-source Java e-commerce system developed by CRMEB. Versions of CRMEB 5.6.3 and earlier contained a vulnerability related to authorization issues. This vulnerability stemmed from incorrect handling of the orderid parameter in files like /api/storeintegral/order/detail/:uni, which...
CVE-2026-1202
A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the argument openId results in improper authentication. The attack is possible to be carried out...
CVE-2026-1203
A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be...
CRMEB authorization issue vulnerabilities
CRMEB is an open-source Java e-commerce system developed by CRMEB. Versions of CRMEB 5.6.3 and earlier contained a vulnerability related to authorization issues. This vulnerability stemmed from incorrect handling of the parameter openId in the file crmeb/app/api/controller/v1/LoginController.php,...
EUVD-2020-7860
Malware in sbrugna...
EUVD-2018-9936
Malware in sbrugna...
CVE-2020-25116
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager...
CVE-2020-15882
A CSRF issue in manager/deletemachine/id in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database...
CVE-2020-25124
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php=rebuild= URI...