CVE-2026-44586

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows a...

DEBIAN-CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

UBUNTU-CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

PT-2026-26961

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

SPIP 安全漏洞

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.13 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the author’s data structure by STATUT, which could lead to improper permission allocatio...

CVE-2026-32736

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...

WordPress Essential Blocks plugin <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure vulnerability

Missing Authorization To Authenticated Author+ Information Disclosure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Essential Blocks for Gutenberg versions = 5.7.2...

EUVD-2023-59206

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-6514

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information Path Disclosure via a...

WordPress Page and Post Clone plugin <= 6.0 - Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated Author+ Sensitive Information Exposure vulnerability discovered by Bassem Essam in WordPress Plugin Page and Post Clone versions = 6.0...