WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting

Code for Recovery 12 Step Meeting List versions up to 3.14.33 contain a reflected cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft a malicious URL. id:...

CVE-2025-32424

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots in a temporary directory. StepThroughItemsBlock can be used to iterate ScreenshotWebPageBlock...

CVE-2025-32437

CVE-2025-32437 affects AutoGPT prior to 0.6.63, specifically the MediaDurationBlock. The issue arises because MediaDurationBlock downloads and stores videos in a temporary directory without proper deletion, and StepThroughItemsBlock can iterate MediaDurationBlock multiple times, with no limit on ...

CVE-2025-32422

AutoGPT contains a DoS vulnerability in StepThroughItemsBlock leading to disk exhaustion via unbounded downloads to FileStoreBlock. Before version 0.6.63, StepThroughItemsBlock can iterate over an arbitrary list and trigger downloads to FileStoreBlock without limiting loop count, while FileStoreB...

CVE-2025-32422 AutoGPT has a DoS vulnerability in FileStoreBlock with StepThroughItemsBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, StepThroughItemsBlock can iterate all the contents in a list and send them to FileStoreBlock for downloading one by one. Although FileStoreBlock has access...

The Red Agent POV: How it Reasoned its Way to SSRF

Part 1: How the Red Agent uncovered a multi-step attack chain allowing SSRF-to-Local-File-Read on a GCP Cloud Run API...

CVE-2026-39437

Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...

EUVD-2026-37044

Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...

CVE-2026-39437

The CVE-2026-39437 issue affects the WordPress plugin “Min Max Step Quantity Limits Manager for WooCommerce” (versions ≤ 5.2.2). The vulnerability is an unauthenticated Cross Site Scripting (XSS), described as reflected in Patchstack and corroborated by NVD/CVE listings. The root cause is an inpu...

SUSE CVE-2026-47167

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...

Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

...

CVE-2026-44976

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

EUVD-2026-32594

Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step...

CVE-2026-44976

CVE-2026-44976 affects the Frappe web framework. The vulnerability is described as an IDOR in the “update_onboarding_step” function, allowing any user to modify any field in any Onboarding Step record prior to version 16.17.4. The issue is explicitly patched in version 16.17.4. The available conn...

EUVD-2026-36493

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

CVE-2026-44976 Frappe: IDOR in update_onboarding_step

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

CVE-2026-44976 Frappe: IDOR in update_onboarding_step

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

EUVD-2026-36411

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

PT-2026-48857

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...