CVE-2026-1755

The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpattachmentimagealt’ post meta in all versions up to, and including, 0.13.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress Menu Icons by ThemeIsle plugin <= 0.13.20 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by lucsob in WordPress Plugin Menu Icons by ThemeIsle versions = 0.13.20...

CVE-2025-61685

Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...

CVE-2025-61685 Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure

Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...

EUVD-2025-32426

Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...

Exposure of Information Through Directory Listing

Overview @mastra/mcp-docs-server is a MCP server for accessing Mastra.ai documentation, changelogs, and news. Affected versions of this package are vulnerable to Exposure of Information Through Directory Listing via the execute function. An attacker can access sensitive directory listings by...