75 matches found
EUVD-2026-33886
The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...
CVE-2018-25410
SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...
PT-2026-44001
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow origins="...
PT-2026-43521
The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...
PT-2026-40433
nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowed non write users: $...
Unity Linux 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-017432)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017432 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway...
CVE-2026-27416
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...
BIT-JAVA-2020-2659
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...
GHSA-42FC-7W97-8VRC XWiki PlantUML Macro Vulnerable to Server-Side Request Forgery (SSRF) via 'server' parameter
Impact: The PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does not validate the supplied URL. An attacker can supply an internal IP address or a malicious externa...
CVE-2026-42140
PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...
Oracle Linux 8 : libxml2 (ELSA-2026-11349)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11349 advisory. - Fix CVE-2025-9714 RHEL-119279 - Fix CVE-2025-32415 RHEL-100177 - Fix CVE-2025-7425 RHEL-102797 - Fix CVE-2025-6021 RHEL-96498 - Fix CVE-2025-49794 RHEL-96398...
CVE-2026-39660
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
GHSA-QR6X-WVXR-8HM9 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information
Security Advisory — My Page Profile Update Improper Authorization Summary An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...
OpenSource-WorkShop Connect-CMS Code Injection Vulnerability
OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of OpenSource-WorkShop Connect-CMS prior to 1.41.0 and 2.41.0 contain a code injection vulnerability. This vulnerability stems from issues with the...
CVE-2026-32421 WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Timeline: from n/a through <= 2.4.1...
SUSE CVE-2026-24686
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...
WordPress Directorist Booking plugin <= 2.4.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Directorist Booking versions <= 2.4.1...
CVE-2026-23735 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in graphql-modules
GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...
CVE-2026-23735
Summary: Multiple sources describe a race condition in GraphQL Modules where, when 2 or more parallel requests trigger the same service, the request context injected via @ExecutionContext() can be mixed between concurrent executions, potentially leaking authentication-context data between users. ...
RockyLinux 8 : libpng (RLSA-2026:0241)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0241 advisory. libpng: LIBPNG buffer overflow CVE-2025-64720 libpng: LIBPNG heap buffer overflow CVE-2025-65018 libpng: LIBPNG out-of-bounds read in pngimagereadcomposi...