26 matches found

Vulnrichment
added 2026/05/29 1:48 p.m., 8 views

CVE-2026-45609 mcp-security: Unvalidated URL Fetching (SSRF)

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted...

7.2 CVSS, 5.8 AI score, 0.00043 EPSS
Exploits 0, References 1
Cvelist
added 2026/05/29 1:48 p.m., 28 views

CVE-2026-45609 mcp-security: Unvalidated URL Fetching (SSRF)

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted...

7.2 CVSS, 0.00043 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/04/05 10:15 a.m., 2 views

CVE-2026-5559

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...

6.5 CVSS, 6 AI score, 0.00022 EPSS
Exploits 0, References 6
CNNVD
added 2026/04/05 12:00 a.m., 3 views

PyBlade security vulnerability

PyBlade is a lightweight and efficient Python template engine developed by the individual developer Antares, supporting component-based development. Versions 0.1.8-alpha and 0.1.9-alpha of PyBlade contain security vulnerabilities, which stem from the improper handling of special elements within the...

6.5 CVSS, 6.6 AI score, 0.00022 EPSS
Exploits 0, References 6
EUVD
added 2026/03/16 4:39 p.m., 2 views

EUVD-2026-12181

XSS in @leanprover/unicode-input-component...

5.8 AI score, 0.00067 EPSS
Exploits 0, References 4
Github Security Blog
added 2026/03/16 4:39 p.m., 21 views

XSS in @leanprover/unicode-input-component

Impact: Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as unescaped HTML. Patches: The issue has been resolved in 0.2.0. Workarounds: Replace the...

5.7 AI score, 0.00067 EPSS
Exploits 0, References 5, Affected Software 1
CNNVD
added 2026/03/16 12:00 a.m., 5 views

Lean 4 VS Code Extension security vulnerability

Lean 4 VS Code Extension is an open-source extension for VS Code. Versions of Lean 4 VS Code Extension 0.1.9 and earlier contain security vulnerabilities. These vulnerabilities stem from the @leanprover/unicode-input-component component reinserting text from input elements as unescaped HTML, whic...

5.6 AI score, 0.00067 EPSS
Exploits 0, References 3
Vulnrichment
added 2026/03/13 9:43 p.m., 4 views

CVE-2026-32732 XSS in @leanprover/unicode-input-component

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...

5.7 AI score, 0.00067 EPSS
Exploits 0, References 3
CVE
added 2026/03/13 9:43 p.m., 7 views

CVE-2026-32732

CVE-2026-32732 describes an XSS issue in Lean 4 VS Code Extension caused by the @leanprover/unicode-input-component. The component re-inserted text into the input element as unescaped HTML, making versions 0.1.9 and earlier vulnerable. The issue affects projects using the affected component and c...

5.7 AI score, 0.00067 EPSS
Exploits 0, References 3
Github Security Blog
added 2026/03/11 3:33 p.m., 4 views

Anytype Heart's gRPC API client challenge verification can be bypassed on localhost

Impact: The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code.
Affected components:
- Anytype Desktop, all platforms ≤ v0.48.2
- Anytype-CLI headless deployments ≤ v0.1.9
Not affected:
- Anytype mobile apps iOS...

4.4 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits 0, References 6, Affected Software 2
Positive Technologies
added 2025/04/04 12:00 a.m., 2 views

PT-2025-15008 · WordPress · Wp Genealogy

Name of the Vulnerable Software and Affected Versions: WP Genealogy – Your Family History Website versions 0.1.9 and earlier
Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation due to incorrectly configured access control security levels...

5.3 CVSS, 6.1 AI score, 0.00196 EPSS
Exploits 0, References 3
vulnersOsv
added 2025/03/20 12:32 p.m., 1 view

eisen (=0.1.9), eisen-deploy (>=0.0.1 <=0.0.2) potentially affected by CVE-2024-6577 via torchserve (=0.0.1b20200409)

torchserve PYPI version =0.0.1b20200409 is affected by a known vulnerability. The following packages have a transitive dependency on torchserve and may be impacted:
- eisen =0.1.9
- eisen-deploy =0.0.1, =0.0.2
Source cves: CVE-2024-6577
Source advisory: OSV:GHSA-XX7C-J7H3-VJCQ...

6.3 CVSS, 6.5 AI score, 0.00164 EPSS
Exploits 0
CNNVD
added 2024/12/20 12:00 a.m., 0 views

WordPress plugin Spotlightr cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.4 CVSS, 7.6 AI score, 0.00233 EPSS
Exploits 0, References 3
Positive Technologies
added 2024/12/18 12:00 a.m., 1 view

PT-2024-17228 · WordPress · Taeggie Feed

Name of the Vulnerable Software and Affected Versions: Taeggie Feed plugin for WordPress versions up to, and including, 0.1.9
Description: The issue is related to stored cross-site scripting via the plugin's 'taeggie-feed' shortcode due to insufficient input sanitization and output escaping on...

6.4 CVSS, 8.6 AI score, 0.00233 EPSS
Exploits 0, References 12
CNNVD
added 2024/12/18 12:00 a.m., 1 view

WordPress plugin Taeggie Feed cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site...

6.4 CVSS, 7.6 AI score, 0.00233 EPSS
Exploits 0, References 4
Patchstack
added 2024/12/17 5:12 p.m., 1 view

WordPress Taeggie Feed plugin <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Taeggie Feed versions = 0.1.9...

6.4 CVSS, 5.7 AI score, 0.00233 EPSS
Exploits 0, References 1, Affected Software 1
Rockylinux
added 2024/05/10 2:32 p.m., 14 views

bootc bug fix update

An update is available for bootc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Bootable container system. Bug Fixes: Update bootc to 0.1.9. JIRA: Rocky Linux-308...

7.2 AI score
Exploits 0
Positive Technologies
added 2023/08/20 12:00 a.m., 2 views

PT-2023-27609 · Veilid · Veilid

Name of the Vulnerable Software and Affected Versions: Veilid versions prior to 0.1.9
Description: The issue allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data. This is due to the lack of size checking for uncompressed data during decompression upon a...

7.5 CVSS, 7.5 AI score, 0.00228 EPSS
Exploits 0, References 4
CNNVD
added 2023/06/13 12:00 a.m., 2 views

WordPress Plugin Marcelotorres Redirect After Login cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

5.9 CVSS, 6.4 AI score, 0.00485 EPSS
Exploits 0, References 2
OSSF Malicious Packages
added 2023/05/17 1:05 p.m., 1 view

Malicious code in pandasprox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 09102fb6db10bc8a136ca7a902415e21c97a31cbf416c904a7efc49a10757320 The OpenSSF Package Analysis project identified 'pandasprox' @ 0.1.9 pypi as malicious. It is considered malicious because: - The package execut...

7.2 AI score
Exploits 0