10 matches found

RedhatCVE
added 3 days ago, 6 views

CVE-2026-42159

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised...

CVSS 5.4 | AI score 5.8 | EPSS 0.00037
Exploits: 1 | References: 1

RedhatCVE
added 3 days ago, 5 views

CVE-2026-42156

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

CVSS 7.1 | AI score 5.7 | EPSS 0.00183
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/12 11:0 p.m., 5 views

CVE-2026-42156 Flowsint: Cypher query injection in node type on node creation

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

CVSS 7.1 | AI score 6 | EPSS 0.00183
Exploits: 0 | References: 1

CVE
added 2026/05/12 11:0 p.m., 16 views

CVE-2026-42156

Summary: CVE-2026-42156 affects Flowsint, an open-source OSINT graph exploration tool. Before version 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query, enabling execution of arbitrary Cypher queries. The issue is fixed in 1.2.3. Impact and...

CVSS 7.1 | AI score 6 | EPSS 0.00183
Exploits: 0 | References: 1

CVE
added 2026/03/20 6:57 a.m., 9 views

CVE-2026-33054

CVE-2026-33054 affects the Mesop Python UI framework (versions ≤ 1.2.2) and enables a Path Traversal via the UI stream payload when FileStateSessionBackend is used. An untrusted state_token can target arbitrary files on disk, causing denial of service (crash loops) or unauthorized file writes/del...

CVSS 10 | AI score 5.9 | EPSS 0.00034
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/06 12:0 a.m., 10 views

WordPress Event Theme <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Event Type Theme Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35711 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d5f7b8ac39ab Credits stealthcopter Required privilege Contributor...

CVSS 6.5 | AI score 6.6 | EPSS 0.00143
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/04/11 12:0 a.m., 9 views

WordPress Novelist Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Novelist Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32093 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a2c840335cd8 Credits Dhabaleshwar Das Required...

CVSS 5.4 | AI score 6.6 | EPSS 0.00093
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/01/31 12:0 a.m., 9 views

WordPress WooCommerce Box Office Plugin <= 1.2.2 is vulnerable to Broken Access Control

Software WooCommerce Box Office Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-24799 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2e62ee904d23 Credits Rafie Muhammad...

CVSS 8.8 | AI score 6.6 | EPSS 0.00449
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/07/19 12:0 a.m., 6 views

WordPress BuddyForms Attach Post with Group Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Attach Post with Group Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 9d4312fdd8bd Credits Rafie Muhammad...

AI score 5.8
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/06/09 6:16 a.m., 1 views

CVE-2023-2280

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxpublic' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin...

CVSS 5.3 | AI score 7.4
Exploits: 0 | References: 3