48 matches found

RedhatCVE
added 2026/04/22 7:22 a.m. · 2 views

CVE-2026-39386

Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance (member management, room settings, broadcast control, session...

8.8 CVSS · 5.7 AI score · 0.00051 EPSS
Exploits 0 · References 1

CVE
added 2026/04/21 12:50 a.m. · 10 views

CVE-2026-39386

CVE-2026-39386 affects the Neko self-hosted virtual browser running in Docker with WebRTC. In versions 3.0.0–3.0.10 and 3.1.0–3.1.1, any authenticated user can escalate privileges to obtain full administrative control over the instance (e.g., member management, room settings, broadcast control, s...

8.8 CVSS · 5.7 AI score · 0.00051 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2026/02/11 9:16 p.m. · 2 views

UBUNTU-CVE-2026-26014

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...

5.9 CVSS · 5.9 AI score · 0.00059 EPSS
Exploits 0 · References 6

RedhatCVE
added 2026/01/23 9:16 p.m. · 3 views

CVE-2025-67947

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle AdForest Elementor (adforest-elementor) allows Reflected XSS. This issue affects AdForest Elementor: from n/a through <= 3.0.11...

7.1 CVSS · 5.4 AI score · 0.00064 EPSS
Exploits 0 · References 1

CNNVD
added 2026/01/22 12:0 a.m. · 6 views

WordPress plugin AdForest Elementor has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1 CVSS · 5.6 AI score · 0.00064 EPSS
Exploits 0 · References 1

Cvelist
added 2025/11/08 11:32 p.m. · 9 views

CVE-2025-12916 Sangfor Operation and Maintenance Security Management System Frontend portal_login command injection

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...

6.5 CVSS · 0.00285 EPSS
Exploits 1 · References 4

CVE
added 2025/11/08 11:32 p.m. · 20 views

CVE-2025-12916

CVE-2025-12916 affects Sangfor Operation and Maintenance Security Management System 3.0, specifically the Frontend component’s /fort/portal_login. The vulnerability arises from manipulating the loginUrl argument, enabling remote command injection. Public disclosures indicate exploitation is possi...

9.8 CVSS · 6.7 AI score · 0.00285 EPSS
Exploits 1 · References 4 · Affected Software 1

CNNVD
added 2025/10/14 12:0 a.m. · 1 views

IBM Content Navigator security vulnerability

IBM Content Navigator is a Web client from International Business Machines (IBM). The product supports searching and processing documents stored in content servers from a Web browser. A security vulnerability exists in IBM Content Navigator versions 3.0.11, 3.0.15, 3.1.0, and 3.2.0, which originate...

5.3 CVSS · 6.1 AI score · 0.00031 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-34360

Malicious code in bioql PyPI...

7.4 CVSS · 8.7 AI score · 0.00175 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 2:17 a.m. · 3 views

CVE-2023-51488

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS. This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11...

7.1 CVSS · 7 AI score · 0.0007 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 2:16 a.m. · 4 views

CVE-2023-51489

Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more. This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11...

8.8 CVSS · 8.6 AI score · 0.00051 EPSS
Exploits 0 · References 1

OSV
added 2025/04/09 12:30 p.m. · 0 views

GHSA-RCQJ-3FMP-5CQX Apache Pulsar Kafka Connector Logs Sensitive Information in Application Logs

Apache Pulsar contains multiple connectors for integrating with Apache Kafka. The Pulsar IO Apache Kafka Source Connector, Sink Connector, and Kafka Connect Adaptor Sink Connector log sensitive configuration properties in plain text in application logs. This vulnerability can lead to unintended...

6.5 CVSS · 5.9 AI score · 0.00154 EPSS
Exploits 0 · References 6

OSV
added 2025/03/10 6:31 p.m. · 0 views

GHSA-V2MW-5MCH-W8C5 canvg Prototype Pollution vulnerability

An issue in canvg prior to v.4.0.3 and v3.0.11 can lead to prototype pollution via the Constructor of the class StyleElement...

9.3 CVSS · 6.7 AI score · 0.00305 EPSS
Exploits 1 · References 5

RedhatCVE
added 2025/02/05 1:35 a.m. · 5 views

CVE-2024-11916

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with...

7.4 CVSS · 7 AI score · 0.00175 EPSS
Exploits 0 · References 1

CNNVD
added 2025/01/22 12:0 a.m. · 2 views

WordPress plugin XML for Google Merchant Center cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1 CVSS · 8 AI score · 0.01474 EPSS
Exploits 0 · References 3

NVD
added 2025/01/08 4:15 a.m. · 9 views

CVE-2024-11916

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with...

7.4 CVSS · 0.00175 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/01/08 12:0 a.m. · 3 views

PT-2025-1714 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.11 Description: The issue is related to a missing capability check on several functions, allowing authenticated attackers with subscriber-lev...

7.4 CVSS · 7.5 AI score · 0.00175 EPSS
Exploits 0 · References 10

Patchstack
added 2025/01/07 6:4 p.m. · 2 views

WordPress The Ultimate WordPress Toolkit plugin <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability

Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability discovered by stealthcopter in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.11...

8.8 CVSS · 7.5 AI score · 0.18026 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/10/17 12:0 a.m. · 1 views

WordPress plugin Animator cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

7.1 CVSS · 6.1 AI score · 0.00313 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/04/09 12:0 a.m. · 3 views

PT-2024-15147 · WordPress · The Pods – Custom Content Types/Fields

Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2. Description: The issue is related to Missing Authorization, which allows authenticated attackers wi...

4.3 CVSS · 9.2 AI score · 0.00222 EPSS
Exploits 0 · References 7