32 matches found

Cvelist
added 3 days ago | 33 views

CVE-2026-57646 WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions...

CVSS 5.4 | EPSS 0.00181
Exploits: 0 | References: 1
EUVD
added 2026/06/17 6:35 p.m. | 8 views

EUVD-2026-37596

Unauthenticated Local File Inclusion in ChapterOne = 1.7 versions...

CVSS 8.1 | AI score 5.2 | EPSS 0.00423
Exploits: 0 | References: 2
Patchstack
added 2026/05/27 1:45 p.m. | 9 views

WordPress Gunslinger theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gunslinger versions <= 1.7...

CVSS 8.1 | AI score 5.8 | EPSS 0.00435
Exploits: 0 | Affected Software: 1
Cvelist
added 2026/05/22 3:39 a.m. | 36 views

CVE-2026-6864 CBX 5 Star Rating & Review <= 1.0.7 - Reflected Cross-Site Scripting via 'page' Parameter

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | EPSS 0.00264
Exploits: 0 | References: 5
Cvelist
added 2026/04/05 1:15 a.m. | 30 views

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

CVSS 7.5 | EPSS 0.01449
Exploits: 0 | References: 4
RedhatCVE
added 2026/03/26 3:17 p.m. | 3 views

CVE-2026-32334

Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobScout: from n/a through = 1.1.7...

CVSS 5.3 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/25 12:0 a.m. | 6 views

PT-2026-27970

Name of the Vulnerable Software and Affected Versions: uxper Golo versions through 1.7.0. Description: An incorrect privilege assignment exists in uxper Golo, allowing for privilege escalation. Recommendations: Update uxper Golo to a version later than 1.7.0...

CVSS 9.8 | AI score 5.9 | EPSS 0.00321
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/20 10:23 p.m. | 3 views

CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

CVSS 9.1 | AI score 5.9 | EPSS 0.00522
Exploits: 1 | References: 1
CVE
added 2026/03/05 5:53 a.m. | 9 views

CVE-2026-22399

CVE-2026-22399 is a Local File Inclusion vulnerability in Mikado-Themes Holmes (WordPress theme) affecting versions through 1.7. The issue arises from improper control of filenames in include/require for PHP, enabling PHP Local File Inclusion (and historically described as PHP Remote File Inclusi...

CVSS 8.1 | AI score 5.9 | EPSS 0.00504
Exploits: 0 | References: 1
CNNVD
added 2026/03/05 12:0 a.m. | 8 views

RustDesk Server PRO security vulnerability

RustDesk Server PRO is a set of remote desktop server management scripts developed by RustDesk’s individual developers. Versions of RustDesk Server PRO prior to 1.7.5 contained security vulnerabilities, which stemmed from the use of defective encryption algorithms. These vulnerabilities could lea...

CVSS 8.7 | AI score 5.8 | EPSS 0.00226
Exploits: 1 | References: 3
CVE
added 2026/01/22 4:52 p.m. | 9 views

CVE-2025-69102

CVE-2025-69102 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin WP Test Email (wp-test-email) versions up to and including 1.1.7. The issue is described as improper neutralization of input during web page generation, enabling reflected XSS. Public references ...

CVSS 7.1 | AI score 5.4 | EPSS 0.00222
Exploits: 0 | References: 1
Patchstack
added 2025/12/31 8:28 a.m. | 7 views

WordPress ListingPro Reviews theme <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin ListingPro Reviews versions 2.9.11...

CVSS 7.1 | AI score 5.4 | EPSS 0.00228
Exploits: 0 | Affected Software: 1
CNNVD
added 2025/12/12 12:0 a.m. | 4 views

WordPress plugin Hippoo Mobile App for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 | AI score 6.6 | EPSS 0.00235
Exploits: 0 | References: 4
Positive Technologies
added 2025/10/03 12:0 a.m. | 8 views

PT-2025-40542

Name of the Vulnerable Software and Affected Versions: Cursor versions 1.7 and below. Description: Cursor CLI Agent does not adequately protect its sensitive files, specifically /.cursor/cli.json. This allows attackers to modify the content of these files through prompt injection, potentially leadin...

CVSS 8.8 | AI score 8.1 | EPSS 0.00372
Exploits: 0 | References: 5
Patchstack
added 2025/07/18 12:30 p.m. | 5 views

WordPress LeadBI Plugin for WordPress plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Mika in WordPress Plugin LeadBI Plugin for WordPress versions <= 1.7...

CVSS 6.5 | AI score 6.1 | EPSS 0.00191
Exploits: 0 | Affected Software: 1
Vulnrichment
added 2025/06/20 3:3 p.m. | 4 views

CVE-2025-52821 WordPress Video List Manager plugin <= 1.7 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in thanhtungtnt Video List Manager allows SQL Injection. This issue affects Video List Manager: from n/a through 1.7...

CVSS 8.5 | AI score 8.8 | EPSS 0.00261
Exploits: 0 | References: 1
Patchstack
added 2025/05/30 10:2 a.m. | 8 views

WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery (CSRF) to Settings Change vulnerability discovered by Nguyen Xuan Chien (Patchstack Alliance) in WordPress Plugin Real Time Validation for Gravity Forms versions <= 1.7.0...

CVSS 4.3 | AI score 6.7 | EPSS 0.00124
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2025/05/23 6:3 a.m. | 4 views

CVE-2023-46821

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Security Headers allows auth. admin+ SQL Injection. This issue affects GD Security Headers: from n/a through 1.7...

CVSS 7.6 | AI score 7.3 | EPSS 0.00574
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 7:57 p.m. | 4 views

CVE-2021-36178

An insufficiently protected credentials vulnerability in Fortinet FortiSDNConnector version 1.1.7 and below allows an attacker to disclose third-party devices' credential information via configuration page lookup...

CVSS 6.5 | AI score 6.6 | EPSS 0.00593
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:6 a.m. | 5 views

CVE-2019-13181

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7...

CVSS 6.5 | AI score 7.2 | EPSS 0.03233
Exploits: 2 | References: 1