44 matches found

NVD
added 2026/06/17 1:20 p.m., 5 views

CVE-2026-40754

Unauthenticated PHP Object Injection in Roisin = 1.4 versions...

CVSS 8.1, EPSS 0.0025
Exploits: 0, References: 1

Cvelist
added 2026/06/15 8:18 p.m., 26 views

CVE-2026-40775 WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions...

CVSS 7.3, EPSS 0.00219
Exploits: 0, References: 1

Positive Technologies
added 2026/06/02 12:0 a.m., 11 views

PT-2026-45728

Name of the Vulnerable Software and Affected Versions: Confidant versions prior to 1.5. Description: Improper control of filenames for include or require statements in the PHP program allows for Local File Inclusion. This occurs when the application fails to properly validate the file paths used in...

CVSS 8.1, AI score 5.8, EPSS 0.00415
Exploits: 0, References: 4

Patchstack
added 2026/05/26 5:25 p.m., 8 views

WordPress Single Mailchimp plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Single Mailchimp versions <= 1.4...

CVSS 6.4, AI score 5.8, EPSS 0.00235
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/05/20 9:16 p.m., 37 views

CVE-2026-40092 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...

CVSS 7.5, EPSS 0.00626
Exploits: 0, References: 4

AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in ruby-rails-html-sanitizer

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

CVSS 7.5, AI score 6.3, EPSS 0.01454
Exploits: 0, References: 1

Patchstack
added 2026/04/21 7:2 p.m., 3 views

WordPress Google PageRank Display plugin <= 1.4 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Google PageRank Display versions <= 1.4...

CVSS 4.3, AI score 5.8, EPSS 0.002
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2026/03/27 8:47 p.m., 49 views

CVE-2026-33895

Summary: CVE-2026-33895 affects Forge (node-forge) prior to 1.4.0, where Ed25519 signature verification does not enforce S

CVSS 7.5, AI score 6.6, EPSS 0.00255
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/02/26 12:11 a.m., 4 views

CVE-2026-27831 rldns Vulnerable to Heap-based Out-of-Bounds Read

rldns is an open source DNS server. Version 2.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue...

CVSS 7.5, AI score 5.9, EPSS 0.00425
Exploits: 1, References: 4

EUVD
added 2026/02/26 12:11 a.m., 4 views

EUVD-2026-8787

rldns is an open source DNS server. Version 2.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue...

CVSS 7.5, AI score 5.3, EPSS 0.00425
Exploits: 1, References: 4

ATTACKERKB
added 2026/02/26 12:11 a.m., 3 views

CVE-2026-27831

rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue...

CVSS 7.5, AI score 5.9, EPSS 0.00425
Exploits: 1, References: 5

Positive Technologies
added 2026/02/23 12:0 a.m., 6 views

PT-2026-21578

Name of the Vulnerable Software and Affected Versions: free5gc UDM versions up to and including 1.4.1. Description: The UDM component of free5gc, used for Unified Data Management in 5G mobile core networks, discloses detailed internal error messages to remote clients when processing invalid...

CVSS 8.7, AI score 5.9, EPSS 0.00398
Exploits: 1, References: 14

RedhatCVE
added 2025/12/10 3:13 p.m., 3 views

CVE-2025-62103

Cross-Site Request Forgery (CSRF) vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery. This issue affects Media Library File Download: from n/a through = 1.4...

CVSS 4.3, AI score 6.9, EPSS 0.00107
Exploits: 0, References: 1

Positive Technologies
added 2025/12/09 12:0 a.m., 10 views

PT-2025-49885

Cross-Site Request Forgery (CSRF) vulnerability in kubiq PDF Thumbnail Generator pdf-thumbnail-generator allows Cross Site Request Forgery. This issue affects PDF Thumbnail Generator: from n/a through = 1.4...

CVSS 8.8, AI score 6.9, EPSS 0.00107
Exploits: 0, References: 3

Vulnrichment
added 2025/11/06 3:55 p.m., 3 views

CVE-2025-60242 WordPress Download Counter plugin <= 1.4 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Anatoly Download Counter download-counter allows Path Traversal. This issue affects Download Counter: from n/a through <= 1.4...

CVSS 7.5, AI score 6.5, EPSS 0.00387
Exploits: 0, References: 1

Positive Technologies
added 2025/10/29 12:0 a.m., 4 views

PT-2025-44288

Name of the Vulnerable Software and Affected Versions: Jenkins Start Windocks Containers Plugin versions 1.4 and earlier. Description: A missing permission check allows attackers with Overall/Read permission to connect to a URL specified by the attacker. Recommendations: Update Jenkins Start Windocks...

CVSS 4.3, AI score 6.4, EPSS 0.00208
Exploits: 0, References: 7

EUVD
added 2025/10/27 3:30 a.m., 6 views

EUVD-2025-36007

Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS. This issue affects WP Business Hours: from n/a through = 1.4...

AI score 6.1, EPSS 0.001
Exploits: 0, References: 2

Positive Technologies
added 2025/10/27 12:0 a.m., 2 views

PT-2025-43810

Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS. This issue affects WP Business Hours: from n/a through = 1.4...

CVSS 8.8, AI score 6.6, EPSS 0.001
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-27236

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.7, EPSS 0.00824
Exploits: 1, References: 1

Positive Technologies
added 2025/09/22 12:0 a.m., 2 views

PT-2025-39021

Name of the Vulnerable Software and Affected Versions: WPFactory Adverts versions through 1.4. Description: A flaw exists in WPFactory Adverts that allows for DOM-Based Cross-site Scripting (XSS). This issue arises from improper neutralization of input during web page generation. The vulnerability cou...

CVSS 6.5, AI score 6.1, EPSS 0.0025
Exploits: 0, References: 3