2348 matches found
PT-2026-20599
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dieno update page title. This makes it possible for...
WordPress Page Title, Description & Open Graph Updater plugin <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability
Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Page Title, Description & Open Graph Updater versions = 1.02...
Mate Security Introduces the Security Context Graph, an Approach to Smarter SOCs
New York, USA, 17th February 2026, CyberNewswire...
From Detection to Remediation: It’s Time to Rethink AppSec Around Exploitability and Root Cause Fixes
Learn how Wiz is fundamentally changing AppSec by using the Security Graph to connect validated runtime vulnerabilities directly back to source code. Stop chasing alerts and fix what’s truly exploitable...
BIT-GITLAB-2025-14592 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...
CVE-2026-1939
The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the percenttograph shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1939
The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the percenttograph shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1939
CVE-2026-1939 concerns the WordPress plugin Percent to Infograph. The vulnerability is a Stored XSS via the shortcode percent_to_graph, affecting versions up to 1.0, exploitable by authenticated attackers with contributor+ rights due to insufficient input sanitization and output escaping. The Wor...
CVE-2026-1939 Percent to Infograph <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the percenttograph shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-26020
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution RCE on the backend server by embedding a disabled block inside a graph. The...
PT-2026-8083
The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the percent to graph shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
@jamietanna/renovate-graph (=0.36.0), @secustor/backstage-plugin-renovate-backend-module-runtime-direct (=3.1.1) potentially affected by unknown CVE via renovate (>=42.92.4 <=42.92.5)
renovate NPM version =42.92.4, =42.92.5 is affected by a known vulnerability. The following packages have a transitive dependency on renovate and may be impacted: - @jamietanna/renovate-graph =0.36.0 - @secustor/backstage-plugin-renovate-backend-module-runtime-direct =3.1.1 Source cves: unknown C...
CVE-2026-26020
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution RCE on the backend server by embedding a disabled block inside a graph. The...
CVE-2026-26020 AutoGPT Affected by Remote Code Execution via Dynamic Module Import in Block Loading (__import__)
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution RCE on the backend server by embedding a disabled block inside a graph. The...
CVE-2026-26020
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution RCE on the backend server by embedding a disabled block inside a graph. The...
CVE-2026-26020
Technical details about CVE-2026-26020 are not publicly provided in the supplied documents; monitor for updates to obtain affected products, impact, and fixes.
CVE-2026-26020 AutoGPT Affected by Remote Code Execution via Dynamic Module Import in Block Loading (__import__)
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution RCE on the backend server by embedding a disabled block inside a graph. The...
CVE-2026-26020 AutoGPT Affected by Remote Code Execution via Dynamic Module Import in Block Loading (__import__)
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution RCE on the backend server by embedding a disabled block inside a graph. The...
CVE-2025-55210
CVE-2025-55210 affects FreePBX PBX API (module api) prior to 17.0.5 and 16.0.17. The issue allows privilege escalation for authenticated users with REST/GraphQL API access by forging a valid JWT signed with the api-oauth.key private key and arbitrary scopes. The token will be accepted only if its...
CVE-2025-55210 FreePBX API has a Privilege Escalation Error in GraphQL Allowing Authenticated Users to Access Additional Scopes
FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api PBX API is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...