Broadstreet WordPress plugin - Reflected XSS

Broadstreet WordPress plugin 1.51.8 contains a reflected XSS caused by unsanitised and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires victim interaction. id: CVE-2025-4652 info: name: Broadstreet WordPress plugin -...

Mail Mint < 1.19.5 - Unauthenticated Email Disclosure

Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...

Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers t...

WeGIA <= 3.6.4 - Remote Code Execution

WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...

CVE-2026-49486 Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)

The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTPTLS connection but never called protp, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...

CVE-2026-49486

The CVE concerns the Apache Airflow FTP provider. The FTPSHook.get_conn() creates an ftplib.FTP_TLS connection but does not call prot_p(), leaving the data channel unencrypted even though the control channel is TLS-protected. This exposes file contents and credentials-in-transit to anyone who can...

CVE-2026-54274

A flaw was found in aiohttp, an asynchronous HTTP client/server framework. An attacker can exploit this vulnerability by sending large, incomplete websocket frame payloads. This can bypass normal memory usage limits, potentially leading to a Denial of Service DoS where the affected system becomes...

CVE-2026-56130

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...

CVE-2026-41566

CVE-2026-41566 affects Apache Kvrocks 2.8.0 and is described as an improper handling of insufficient permissions or privileges, specifically related to the APPLYBATCH command. The issue is rated high risk (CVSS 4.0 base 9.4) with impact on confidentiality, integrity, and availability. No exploita...

CVE-2026-54226

CVE-2026-54226 — Apache Kvrocks (RESTORE IntSet Integer Overflow) * Affects Kvrocks versions 2.6.0 through 2.15.0. The entry title indicates an integer overflow in RESTORE IntSet that can lead to a remote DoS. The fix is to upgrade to version 2.16.0. No exploitation details or in-the-wild status ...

PT-2026-51548

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...

CVE-2025-66336 Apache Doris MCP Server: SQL injection leading the authentication bypass

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...

Improper Locking

Overview Affected versions of this package are vulnerable to Improper Locking in the releasewritelock and releasereadlock functions. An attacker can disrupt synchronization guarantees and exploit data races or cause denial of service by invoking these functions from unauthorized threads or withou...

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in...

EUVD-2026-37802

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK installpackages...

GHSA-HCXC-WF8J-23HV OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset

Description OpenFGA's OIDC authenticator skipped JWT audience aud validation when no audience was configured. In deployments where one identity provider issues tokens for multiple services, a token minted for an unrelated service could authenticate to OpenFGA. Preconditions This applies if the...

CVE-2026-49230

CVE-2026-49230 affects Apache APISIX via the jwe-decrypt plugin in default config, enabling authentication bypass. Vulnerable versions are 3.8.0–3.16.0; remediation is upgrade to 3.17.0. The CVE details indicate a improper validation of an integrity check value, with a network-exposed risk. If ex...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and clients. Clients based on FreeRDP on Unix systems that use the /parallel command-line switch may read uninitialized data and send it to the server to which the client is currently connected. Server implementations based on FreeRDP are not...

Untrusted Search Path

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the PATH environment variable influencing the selection of the trash executable during maintenance tasks. An attacker can execute unintended local executables by...

Unsafe Dependency Resolution

Overview @theia/ai-chat is a Theia - AI Chat Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introduci...