CVE-2026-42545

Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...

CVE-2026-4860

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It...

CVE-2026-3966 648540858 wvp-GB28181-pro IP Address ABLMediaNodeServerService.java getDownloadFilePath server-side request forgery

A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the...

CVE-2026-25338

Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through = 2.7.4...

CVE-2026-25338

Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through = 2.7.4...

WordPress plugin AI ChatBot with ChatGPT and Content Generator by AYS 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20705

Name of the Vulnerable Software and Affected Versions Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS versions through 2.7.4 Description An authorization issue exists in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant, stemming from incorrectly...

Fedora 43 : mingw-expat (2026-37324381f3)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-37324381f3 advisory. Update to expat-2.7.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 42 : mingw-expat (2026-298986b2a3)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-298986b2a3 advisory. Update to expat-2.7.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

CVE-2025-68073

CVE-2025-68073 describes a Missing Authorization vulnerability in the WordPress plugin “Ninja Team GDPR CCPA Compliance Support” (ninja-gdpr-compliance). Affected versions are up to 2.7.4. The issue arises from improperly configured access control, allowing exploitation of security levels. The CV...

CVE-2025-68073 WordPress GDPR CCPA Compliance Support plugin <= 2.7.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through = 2.7.4...

WordPress GDPR CCPA Compliance Support plugin <= 2.7.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin GDPR CCPA Compliance Support versions = 2.7.4...

EUVD-2025-201971

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retrieve Embedded Sensitive Data.This issue affects Custom Field Template: from n/a through = 2.7.4...

CVE-2025-63058

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retrieve Embedded Sensitive Data.This issue affects Custom Field Template: from n/a through = 2.7.6...

PT-2025-50058

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retrieve Embedded Sensitive Data.This issue affects Custom Field Template: from n/a through = 2.7.4...

CVE-2025-48338 WordPress WP Abstracts plugin <= 2.7.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local File Inclusion.This issue affects WP Abstracts: from n/a through = 2.7.4...

PT-2025-43163

Name of the Vulnerable Software and Affected Versions WP Abstracts versions through 2.7.4 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files...

EUVD-2018-0212

Malware in sbrugna...

EUVD-2023-36833

Malicious code in bioql PyPI...