12 matches found
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules vulnerability discovered by ? in WordPress Npm nitropack versions 2.13.4...
CLEANSTART-2026-FB05615 Security fixes for CVE-2025-15558, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2026-27141, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x, ghsa-p436-gjf2-799p applied in versions: 2.13.4-r0, 2.13.4-r1, 2.13.4-r2
Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-31891
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...
Linux Distros Unpatched Vulnerability : CVE-2026-31891
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a...
CVE-2026-31891
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...
GHSA-7X5C-VFHJ-9628 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()
Impact This is a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected. Who is impacted: - Any deployment where the /api/content/aggregate/model endpoint is publicly accessible...
CVE-2026-23976 WordPress Modula Image Gallery plugin <= 2.13.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS. This issue affects Modula Image Gallery: from n/a through <= 2.13.4...
WordPress Image Gallery – Photo Grid & Video Gallery plugin <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification vulnerability
Missing Authorization to Authenticated Author+ Arbitrary Gallery Modification vulnerability discovered by WordFence in WordPress Plugin Modula Image Gallery versions <= 2.13.3...
CVE-2024-11291
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...
CVE-2024-7782
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it...
WordPress Bit Form – Contact Form Plugin Plugin <= 2.12.3 is vulnerable to Arbitrary File Upload
Software: Bit Form – Contact Form Plugin; Type: Plugin; Vulnerable versions: <= 2.12.3; Fixed in: 2.13.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6123; Patch priority: Low; CVSS severity: Low 9.1; Developer: Claim ownership; PSID: 569eb657724e; Credits: István Márton; Required...
CVE-2024-28231
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminate...