CVE-2026-42045

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the...

CVE-2026-39411 LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, the webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR ke...

CVE-2023-28988

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce plugin = 2.1.48 versions...

WordPress Direct checkout, Add to cart redirect for Woocommerce Plugin <= 2.1.48 is vulnerable to Cross Site Scripting (XSS)

Software Direct checkout, Add to cart redirect for Woocommerce Type Plugin Vulnerable versions = 2.1.48 Fixed in 2.1.49 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28988 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID...

VulnCheck KEV: CVE-2019-9194

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector...