9907 matches found
CVE-2026-0745
creationtimestamp| type| source ---|---|--- 2026-02-15 03:00:32+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3meuk7cjbye24 2026-02-15 03:00:45+00:00| seen| https://infosec.exchange/users/offseq/statuses/116072410591755680 2026-05-15 15:00:07+00:00| published-proof-of-concept|...
CVE-2026-1843
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
CVE-2026-1843
The CVE-2026-1843 is for the WordPress plugin “Super Page Cache.” All versions up to and including 5.2.2 are vulnerable to Stored Cross-Site Scripting via the Activity Log due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary scripts...
CVE-2026-1843 Super Page Cache <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Activity Log
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
CVE-2026-1843
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
CVE-2026-1843 Super Page Cache <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Activity Log
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Steven Julian in WordPress Plugin WP Activity Log versions = 5.5.4...
CVE-2026-26335
creationtimestamp| type| source ---|---|--- 2026-02-14 03:00:32+00:00| seen| https://infosec.exchange/users/offseq/statuses/116066748378844749 2026-02-14 03:00:33+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3merzqgk5s32h 2026-02-17 07:10:48+00:00| seen|...
MAL-2026-898 Malicious code in magicwolf (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3d4f256ccd65da42e297351fbc7c15d4f3b25789c362d0d3419d580c4e07bf34 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
PT-2026-8100
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
CVE-2026-1671
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...
The Rise of AI Agent Communities: Large-Scale Analysis of Discourse and Interaction on Moltbook
Moltbook is a Reddit-like social platform where AI agents create posts and interact with other agents through comments and replies, offering a real-world setting to examine agent-to-agent communication at scale. Using a public API snapshot collected about five days after launch 122,438 posts, we...
CVE-2026-1671
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1671
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1671 Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1671 Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1671
The CVE concerns the WordPress Activity Log plugin for WordPress. A missing capability check in winter_activity_log_action() affects all versions up to and including 1.2.8, allowing authenticated users with Subscriber-level access or higher to view potentially sensitive data stored in exposed log...
WordPress plugin Activity Log for WordPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
PT-2026-7839
The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter activity log action function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level acce...
GHSA-VX5F-VMR6-32WF cap-go/capacitor-native-biometric Authentication Bypass
There is a potential issue with the cap-go/capacitor-native-biometric library. --- Summary The cap-go/capacitor-native-biometric library was found to be subject to an authentication bypass as the current implementation of the onAuthenticationSucceeded does not appear to handle a...