2348 matches found
CVE-2026-33290
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...
WordPress Add Google Social Profiles to Knowledge Graph Box plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Add Google Social Profiles to Knowledge Graph Box versions = 1.0...
ProHunter APT Hunting Tool / Paper
Advanced Persistent Threats APTs remain difficult to detect due to their stealthy nature and long-term persistence. To tackle this challenge, provenance-based threat hunting has gained traction as a proactive defense mechanism. This technique models audit logs as a whole-system provenance graph a...
EUVD-2026-14007
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...
CVE-2026-1393
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...
CVE-2026-1393 Add Google Social Profiles to Knowledge Graph Box <= 1.0 - Cross-Site Request Forgery to Settings Update
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...
CVE-2026-1393 Add Google Social Profiles to Knowledge Graph Box <= 1.0 - Cross-Site Request Forgery to Settings Update
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...
CVE-2026-1393
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...
CVE-2026-1393
The CVE-2026-1393 entry documents a CSRF vulnerability in the WordPress plugin “Add Google Social Profiles to Knowledge Graph Box” (versions up to 1.0). The root cause is missing nonce validation on the settings update functionality, allowing unauthenticated attackers to update the plugin’s Knowl...
AEGIS: From Clues to Verdicts -- Graph-Guided Deep Vulnerability Reasoning Via Dialectics and Meta-Auditing
Large Language Models LLMs are increasingly adopted for vulnerability detection, yet their reasoning remains fundamentally unsound. We identify a root cause shared by both major mitigation paradigms agent-based debate and retrieval augmentation: reasoning in an ungrounded deliberative space that...
PT-2026-26809
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...
WordPress plugin Add Google Social Profiles to Knowledge Graph Box 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
graph-generator-lib (>=0.1.0 <=0.1.10), libunftp (>=0.6.0 <=0.6.1) +7 more potentially affected by unknown CVE via tokio-compat (=0.1.6)
tokio-compat CARGO version =0.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on tokio-compat and may be impacted: - graph-generator-lib =0.1.0, =0.6.0, =0.1.0, =0.1.3 - parity-runtime =0.1.2 - price-info =1.12.0 - rudolfs =0.2.11 - sccache =0.2.15 -...
CVE-2026-33395
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. F...
CVE-2026-33395 Discourse has stored click‑based XSS via Graphviz SVG javascript: links
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. F...
CVE-2026-33395
Discourse, via the discourse-graphviz plugin, is affected by a stored XSS that can be triggered by authenticated users through DOT graph definitions. The issue is present in versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, with the vulnerability being mitigated by patches in those pat...
dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver
Summary Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment. If an attacker can...
PT-2026-26201
Name of the Vulnerable Software and Affected Versions dynaconf versions prior to 3.2.13 Description dynaconf is susceptible to Server-Side Template Injection SSTI due to insecure template evaluation within the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template...
EUVD-2026-12587
A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline...
CVE-2026-4148
A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline...