CVE-2026-5335
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitor to leak sensitive user information...
NPM: ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid
NPM: ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid vulnerability discovered by ? in WordPress Npm ssrfcheck versions 1.2.0...
HytaleModding Wiki code issue vulnerability
HytaleModding Wiki is an open-source documentation platform for Hytale Modding. Versions of HytaleModding Wiki prior to 1.2.0 had code vulnerabilities. These vulnerabilities stemmed from the quickUpload endpoint validating MIME types but using file extensions provided by the client, which...
EUVD-2026-16377
Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing. This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...
CVE-2026-3525
Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing. This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...
CVE-2026-3526
Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing. This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...
CVE-2026-3526 File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021
Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing. This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...
CVE-2026-3525 File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020
Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing. This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...
Linux Distros Unpatched Vulnerability : CVE-2025-53922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in a...
CVE-2025-58053 Galette has a privilege escalation vulnerability
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
CVE-2025-58052 Galette has groups managers access control bypass on Members
Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...
CVE-2025-53922 Galette has access control bypass
Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...
CVE-2025-48076 Galette is vulnerable to Cross-site Scripting
Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0...
CVE-2025-57327
spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability in the set and config functions of spmrc version 1.2.0 and before allows attackers to inject properties on Object.prototype by supplying a crafted payload, causing denial of service (DoS) as the minimum...
WordPress plugin Button Block cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress plugin Button Block 1.2.0 and prior...
Actualizer security vulnerability
Actualizer is a simple single shell scripting solution open-sourced by ChewKeanHo for creating Debian from scratch. A security vulnerability exists in versions of Actualizer prior to 1.2.0 that stems from the use of an inappropriate SHA512 password hash algorithm, which may result in insufficient...
nosurf security vulnerability
nosurf is an HTTP package for Go by individual developer Justinas Stankevičius. It helps you prevent cross-site request forgery attacks. A security vulnerability exists in nosurf versions prior to 1.2.0, which stems from a CSRF check bypass that could lead to cross-site request forgery...
AZL-77496 CVE-2025-30204 affecting package dcos-cli for versions less than 1.2.0-24
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...