CVE-2026-2382

The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpwfsgetfile' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-2382

The FPW Category Thumbnails plugin for WordPress is affected by a Stored Cross-Site Scripting (Stored XSS) issue in all versions up to and including 1.9.5. The vulnerability arises from insufficient input sanitization and output escaping in the id parameter of the fpw_fs_get_file AJAX action, all...

PT-2026-45702

The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpw fs get file' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-39821 affecting package packer for versions less than 1.9.5-14

CVE-2026-39821 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...

CVE-2026-39835 affecting package packer for versions less than 1.9.5-14

CVE-2026-39835 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...

CVE-2026-39827 affecting package packer for versions less than 1.9.5-14

CVE-2026-39827 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...

CVE-2026-25681 affecting package packer for versions less than 1.9.5-14

CVE-2026-25681 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...

CVE-2026-25680 affecting package packer for versions less than 1.9.5-14

CVE-2026-25680 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...

CVE-2026-46598 affecting package packer for versions less than 1.9.5-14

CVE-2026-46598 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...

Astra Linux - уязвимость в unbound

Unbound before version 1.9.5 allows for an integer overflow in the regional allocator through regionalalloc. NOTE: The vendor denies that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be exploited remotely or locally...

Astra Linux - уязвимость в unbound

Unbound before version 1.9.5 can cause assertion failures and denial of service in synthcname. NOTE: The vendor denies that this is a vulnerability. Although the code may be vulnerable, an active UnBound installation cannot be exploited remotely or locally...

Astra Linux - уязвимость в unbound

Before version 1.9.5, Unbound allowed for an integer overflow in sldnsstr2wirednamebuforigin, resulting in an out-of-bounds write. NOTE: The vendor denies that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be remotely or locally exploited...

Astra Linux - уязвимость в unbound

Before version 1.9.5, Unbound allowed configuration injection in the createunboundadservers.sh script after a successful man-in-the-middle attack on a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contribute...

Astra Linux - уязвимость в unbound

Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...

CVE-2026-39528

Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through = 1.9.5...

EUVD-2026-20188

Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through = 1.9.5...

PT-2026-31144

Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through = 1.9.5...

CVE-2026-4847

A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...

CVE-2026-4845 dameng100 muucmf index.html cross site scripting

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the file /admin/Member/index.html. This manipulation of the argument Search causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. The...

CVE-2025-47911 affecting package packer for versions less than 1.9.5-13

CVE-2025-47911 affecting package packer for versions less than 1.9.5-13. A patched version of the package is available...