1092 matches found
WordPress BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin <= 4.6.0 - Authenticated (Custom+) SQL Injection vulnerability
Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin BetterDocs versions = 4.6.0...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.10.2 release.
Red Hat Developer Hub 1.10.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
PYSEC-2026-1292 dbt allows Binding to an Unrestricted IP Address via socketsocket
Summary Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDRANY by passing "" as the address. This...
CVE-2026-12729
The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the domigration function registered as the wedocsmigratebetterdocstowedocs...
CVE-2026-12729
The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the domigration function registered as the wedocsmigratebetterdocstowedocs...
CVE-2026-12729 weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Data Migration via wedocs_migrate_betterdocs_to_wedocs AJAX Action
The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the domigration function registered as the wedocsmigratebetterdocstowedocs...
PT-2026-55440
Name of the Vulnerable Software and Affected Versions weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot versions prior to 2.3.1 Description The plugin contains a missing authorization flaw. The do migration function, registered as the wedocs migrate betterdocs to wedocs AJ...
Security update for gleam (moderate)
openSUSE security update: security update for gleam ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21143-1 Rating: moderate References: bsc1267396 bsc1267397 bsc1267398 Cross-References: CVE-2026-32685 CVE-2026-42795 CVE-2026-43965 Affected Product...
MAL-2026-6590 Malicious code in envfile-sync-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 097a9a647e6d99cd53b881cae4fdd747d03b319388107c946c70b8804d3d917b On every import of envfile-sync-cli, src/index.js calls process.dlopen on bin/native/parser.node — a 2.9MB Windows PE executable sha256...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libssh2: libssh2-1.11.1-8.hum1 aarch64, x8664 libssh2-devel-1.11.1-8.hum1 aarch64, x8664 libssh2-docs-1.11.1-8.hum1 noarch libssh2-1.11.1-8.hum1.src src...
OPENSUSE-SU-2026:21143-1 Security update for gleam
This update for gleam fixes the following issues: Changes in gleam: - Update to 1.17.0: Fixed security vulnerabilities: - Restrict custom documentation page path and source values so gleam docs build cannot escape the docs output directory or project root bsc1267396, CVE-2026-32685 - Restrict...
Malicious code in @mastra/mcp-docs-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 477f5b90c17486d7cf04f5aa840c94a66509022040515038a955e610a31c88e4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.9.5 release.
Red Hat Developer Hub 1.9.5 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
EUVD-2026-36783
Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...
CVE-2026-50885
Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...
MAL-2026-5802 Malicious code in cardano-addresses-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d99ae2a620ac8a3db31cde344d6d1e46914f785b3d5f4b8debdb20d64fa9c75 package.json declares a preinstall hook node index.js that runs automatically on npm install. index.js collects host identifiers os.hostname,...
XXE Injection
Spring REST Docs is vulnerable to XML External Entity XXE Injection. The vulnerability is due to unsafe processing of XML content when documenting remote APIs, where a compromised or malicious API can supply crafted XML containing external entities. When documentation-generating tests are execute...
PT-2026-49326
Name of the Vulnerable Software and Affected Versions Sismics Docs Teedy version 1.11 Description Incorrect access control in the share-based read endpoints allows unauthorized attackers to access sensitive endpoints by sending a crafted request. Recommendations At the moment, there is no...
CVE-2026-50885
Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...
CVE-2026-50885
CVE-2026-50885 concerns Sismics Docs (Teedy) with version v1.11, where an incorrect access control flaw in the share-based read endpoints enables unauthorized attackers to access sensitive endpoints via a crafted request. The related advisories consistently describe limited information about root...