30 matches found
CVE-2026-57914
By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
PT-2026-52073
Name of the Vulnerable Software and Affected Versions Ghost versions 5.46.1 through 6.21.1 Description Validation applied to filters on public API endpoints could be partially bypassed, allowing the disclosure of private fields through a brute force attack. The impact varies by database: when usi...
Fedora 43 : glow (2026-6d67b00ef1)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6d67b00ef1 advisory. Update to version 2.1.2. This also updates some of the vendored dependencies to fix CVEs, as well as building with the latest golang to fix even mor...
CVE-2026-3599
The Riaxe Product Customizer plugin for WordPress is affected by an SQL Injection in the /wp-json/InkXEProductDesignerLite/add-item-to-cart endpoint. The vulnerability involves SQL injection via the keys of the 'options' parameter within 'product_data' for all versions up to 2.1.2. Root cause: in...
EUVD-2026-19820
Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization...
CVE-2026-32516
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through 2.1.2...
CVE-2026-32515
Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through 2.1.2...
CVE-2026-24977
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Organici Library: from n/a through = 2.1.2...
CVE-2026-26201
emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process cra...
CVE-2025-68854 WordPress ID Arrays plugin <= 2.1.2 - POST-Based Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through = 2.1.2...
CVE-2026-1554
XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...
CVE-2025-60207 WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through = 2.1.2...
CVE-2025-58251
Missing Authorization vulnerability in POSIMYTH Sticky Header Effects for Elementor sticky-header-effects-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header Effects for Elementor: from n/a through = 2.1.2...
CVE-2025-59142 [email protected] contains malware after npm account takeover
color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
WordPress Inspiro plugin <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation vulnerability
Cross-Site Request Forgery to Arbitrary Plugin Installation vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Inspiro versions = 2.1.2...
WordPress plugin Hover Effects SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
WordPress Hesabfa Accounting Plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Hesabfa Accounting versions = 2.1.2...
WordPress Good Old Gallery Plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Good Old Gallery versions = 2.1.2...
WordPress MBE eShip plugin <= 2.1.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin MBE eShip versions = 2.1.2...
WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin ELEX WooCommerce Dynamic Pricing and Discounts versions = 2.1.2...