
66 matches found

Cvelist
added 2026/05/11 9:25 p.m., 29 views

CVE-2026-42188 Geyser: Server-Side Request Forgery (SSRF) via Player Head Texture URL

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

CVSS 2.4, EPSS 0.00025
Exploits 0, References 1

Vulnrichment
added 2026/03/25 5:7 p.m., 1 views

CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

CVSS 7.1, AI score 5.8, EPSS 0.00041
Exploits 0, References 3

CVE
added 2026/02/25 10:16 p.m., 13 views

CVE-2026-27497

CVE-2026-27497 is connected to the n8n advisory GHSA-WXX7-MCGF-J869, which documents a remote code execution risk in the Merge node when used in SQL query mode. An authenticated user with permission to create or modify workflows can cause arbitrary code execution and write files on the n8n server...

CVSS 9.4, AI score 6.3, EPSS 0.00076
Exploits 0, References 4, Affected Software 1

OSV
added 2026/01/15 12:0 a.m., 0 views

OPENSUSE-SU-2026:10054-1 php-composer2-2.9.3-1.1 on GA media

These are all security issues fixed in the php-composer2-2.9.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5.3, AI score 5.8, EPSS 0.00018
Exploits 0, References 1

Snyk
added 2025/12/30 4:44 p.m., 3 views

Improper Encoding or Escaping of Output

Overview: composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output for certain ConsoleI...

CVSS 5.3, AI score 7, EPSS 0.00018
Exploits 0, References 2

UbuntuCve
added 2025/12/30 4:15 p.m., 3 views

CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

CVSS 5.3, AI score 5.9, EPSS 0.00018
Exploits 0, References 6

CNNVD
added 2025/12/30 12:0 a.m., 3 views

Composer injection vulnerability

Composer is a Composer open source application. Provides a declaration, management and installation of PHP project dependencies. An injection vulnerability exists in Composer versions prior to 2.2.26 and prior to 2.9.3, which stems from the possibility that an attacker could inject ANSI control...

CVSS 5.3, AI score 5.8, EPSS 0.00018
Exploits 0, References 5

RedHat Linux
added 2025/10/23 5:50 p.m., 2 views

Important: Red Hat Security Advisory: Streams for Apache Kafka 2.9.3 release and security update

Streams for Apache Kafka 2.9.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5, AI score 6.6, EPSS 0.00063
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-24778

Malicious code in bioql PyPI...

CVSS 9.9, AI score 6.5, EPSS 0.00103
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-51662

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.01134
Exploits 2, References 1

RedhatCVE
added 2025/08/16 11:25 a.m., 1 views

CVE-2025-49887

Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager for WooCommerce: from n/a through = 2.9.3...

CVSS 9.9, AI score 5.9, EPSS 0.00103
Exploits 0, References 1

NVD
added 2025/08/14 11:15 a.m., 1 views

CVE-2025-49887

Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager for WooCommerce: from n/a through = 2.9.3...

CVSS 9.9, EPSS 0.00103
Exploits 0, References 1

CVE
added 2025/08/14 10:34 a.m., 15 views

CVE-2025-49887

CVE-2025-49887 is a WordPress plugin vulnerability: WPFactory Product XML Feed Manager for WooCommerce

CVSS 9.9, AI score 5.9, EPSS 0.00103
Exploits 0, References 1

Patchstack
added 2025/07/30 9:46 p.m., 10 views

WordPress AI Engine plugin 2.9.3-2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload

Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions 2.9.3-2.9.4...

CVSS 8.8, AI score 6.7, EPSS 0.01644
Exploits 2, References 1, Affected Software 1

RedhatCVE
added 2025/05/23 9:12 a.m., 1 views

CVE-2024-0845

The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVSS 6.4, AI score 5, EPSS 0.00234
Exploits 0, References 1

RedhatCVE
added 2025/05/23 5:10 a.m., 5 views

CVE-2023-50847

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce. This issue affects Welcart e-Commerce: from n/a through 2.9.3...

CVSS 7.6, AI score 7.8, EPSS 0.00291
Exploits 0, References 1

RedhatCVE
added 2025/05/23 2:49 a.m., 3 views

CVE-2023-50829

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3...

CVSS 5.9, AI score 6.5, EPSS 0.00135
Exploits 0, References 1

OSV
added 2025/04/06 7:56 p.m., 2 views

CVE-2025-31488 Plain Craft Launcher's custom homepage can use Internet Explorer to load web pages with the help of controls such as WebBrowser

Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE...

CVSS 4.9, AI score 6.7, EPSS 0.00127
Exploits 0, References 3

CVE
added 2025/04/06 7:56 p.m., 57 views

CVE-2025-31488

Plain Craft Launcher (PCL) is affected. When a homepage uses WebBrowser controls in its WPF UI, the app loads the page via Internet Explorer in the background, allowing an attacker with a malicious homepage to access the target webpage without user awareness. The issue is fixed in version 2.9.3.

CVSS 4.9, AI score 6.3, EPSS 0.00127
Exploits 0, References 1

NVD
added 2025/02/12 9:15 a.m., 8 views

CVE-2024-12315

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in t...

CVSS 7.5, EPSS 0.00431
Exploits 0, References 3