CVE-2026-30346

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

CVE-2026-30346

CVE-2026-30346 affects hunvreus DevPush v0.3.2 with an open redirect in the /api/google/authorize endpoint. The underlying issue allows an attacker to redirect users to malicious sites by supplying a crafted URL. Impact details are that redirects could lead users to unintended destinations; explo...

/dev/push 输入验证错误漏洞

/dev/push is an open-source application hosting platform developed by Ronan Berder, designed for zero-downtime deployment and real-time monitoring. Version 0.3.2 of /dev/push contains a vulnerability related to input validation. This vulnerability stems from an open redirection in...

EUVD-2026-25877

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

Authorization Bypass Through User-Controlled Key

Overview @withstudiocms/api-spec is an API Specification for StudioCMS Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by generating a...

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

CVE-2026-30855 WeKnora: Broken Access Control in Tenant Management

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

CVE-2026-30855 WeKnora: Broken Access Control in Tenant Management

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

WeKnora 访问控制错误漏洞

WeKnora is an open-source framework based on LLM developed by Tencent. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Prior to version 0.3.2 of WeKnora, there was an access control vulnerability. This vulnerability stemmed from an...

CVE-2026-1912

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-1912 Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-1912 Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Citations tools 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-62905

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Tadlock Query Posts query-posts allows Stored XSS.This issue affects Query Posts: from n/a through = 0.3.2...

CVE-2025-62905 WordPress Query Posts plugin <= 0.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Tadlock Query Posts query-posts allows Stored XSS.This issue affects Query Posts: from n/a through = 0.3.2...

Use of a Cryptographic Primitive with a Risky Implementation

Overview Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the handling of precompiles in the BalanceHandler that can cause prevEventsLen to be overwritten. An attacker can compromise the integrity or confidentiality of the system ...

EUVD-2009-3314

Malware in sbrugna...

EUVD-2018-1314

Malware in sbrugna...