CVE-2026-3985

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkoutuuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

EUVD-2026-31018

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkoutuuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

PT-2026-42056

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout uuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping on the user supplied parameter and lack of sufficient...

PT-2026-42123

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'model name', 'model id', 'integration id', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

UBUNTU-CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

VIPER-MCP: Detecting and Exploiting Taint-Style Vulnerabilities in Model Context Protocol Servers

Model Context Protocol MCP has emerged as a standard interface for connecting LLM agents to external tools. Because MCP servers expose privileged operations such as shell execution, network access, and file-system manipulation to agent-driven invocation, implementation flaws in tool handlers can...

CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

WordPress plugin Infility Global SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-42177

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix storybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handle params/3 in lib/phoenix storybook/live/story/component iframe live.ex...

PT-2026-42258

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm query POST parameter directly into an HTML input field VALUE attribute. Attacker...

NLnet Labs Unbound 缓冲区错误漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. In versions 1.6.2 to 1.25.0 of NLnet Labs Unbound, there is a buffer error vulnerability. This vulnerability stems from a potential stack overflow during the DNSCrypt packet reading process. Malicious attackers can...

PT-2026-42124

Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions 1.6.2 through 1.25.0 Description A denial of service issue exists when the software is compiled with DNSCrypt support using the --enable-dnscrypt flag. A specially crafted DNSCrypt query, where the decrypted plainte...

SQLFluff: Recursive Stack Overflow in Parser

Impact In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any application using the parser to trigger a Denial of Service through resource exhaustion. Patches Versions 4.1.0 and up contain ...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the nuxtisland endpoint when responses are not properly bound to request props, allowing shared-cache poisoning. An attacker can cause users to receive attacker-controlled HTML by priming a shared cache with...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

CVE-2026-42100

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service DoS attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...

CVE-2026-42097

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...