
254 matches found

NVD
added 4 days ago, 10 views

CVE-2026-42676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5 CVSS, 0.00033 EPSS
Exploits 0, References 1
Patchstack
added 2026/05/15 7:46 p.m., 6 views

WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by thevietronin in WordPress Plugin myCred versions <= 3.0.4...

6.5 CVSS, 5.8 AI score, 0.00033 EPSS
Exploits 0, Affected Software 1
Patchstack
added 2026/03/30 9:3 a.m., 2 views

WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter vulnerability

WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin JS Help Desk versions <= 3.0.4...

7.5 CVSS, 6 AI score, 0.00112 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2026/03/26 1:26 p.m., 20 views

CVE-2026-2511 JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the multiformid parameter in the storeTickets function in all versions up to, and including, 3.0.4. This is due to the user-supplied multiformid value being passed to escsql without...

7.5 CVSS, 0.00112 EPSS
Exploits 0, References 5
CNNVD
added 2026/03/20 12:0 a.m., 3 views

ewe security vulnerability

ewe is a lightweight web server build package developed by Vladislav Shakitskiy. Versions of ewe 3.0.4 and earlier contained security vulnerabilities; these vulnerabilities stemmed from an infinite loop in the handletrailers function, which could lead to a denial-of-service attack...

7.5 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits 1, References 3
CBLMariner
added 2026/03/12 7:17 p.m., 3 views

CVE-2026-1801 affecting package libsoup for versions less than 3.0.4-13

CVE-2026-1801 affecting package libsoup for versions less than 3.0.4-13. A patched version of the package is available...

6.5 CVSS, 7.1 AI score, 0.00029 EPSS
Exploits 0
CVE
added 2026/02/20 3:46 p.m., 5 views

CVE-2025-69388

CVE-2025-69388 affects WordPress Cliengo – Chatbot plugin

6.5 CVSS, 5.5 AI score, 0.00042 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/02/20 12:0 a.m., 3 views

PT-2026-21169

Name of the Vulnerable Software and Affected Versions: Cliengo – Chatbot versions through 3.0.4. Description: An authorization issue exists in Cliengo – Chatbot, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update Cliengo – Chatbot to a version...

5.3 AI score, 0.00042 EPSS
Exploits 0, References 3
OSV
added 2026/02/20 12:0 a.m., 1 views

OPENSUSE-SU-2026:10232-1 cosign-3.0.4-2.1 on GA media

These are all security issues fixed in the cosign-3.0.4-2.1 package on the GA media of openSUSE Tumbleweed...

5.5 CVSS, 6.7 AI score, 0.00046 EPSS
Exploits 1, References 3
Debian CVE
added 2026/02/19 10:27 p.m., 4 views

CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

3.7 CVSS, 5.3 AI score, 0.00011 EPSS
Exploits 2
Vulnrichment
added 2026/02/19 8:26 a.m., 1 views

CVE-2026-23545 WordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4...

6.5 CVSS, 5.3 AI score, 0.0004 EPSS
Exploits 0, References 1
EUVD
added 2026/02/06 8:30 p.m., 3 views

EUVD-2026-5579

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...

5.3 CVSS, 5.5 AI score, 0.00044 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/02/06 12:0 a.m., 1 views

PT-2026-6794

Name of the Vulnerable Software and Affected Versions: DeepAudit versions prior to 3.0.5. Description: An improper access control issue exists in DeepAudit versions 3.0.4 and earlier. The /api/v1/users/ API endpoint allows any authenticated user to enumerate all users within the system. This allows...

5.3 CVSS, 5.4 AI score, 0.00044 EPSS
Exploits 0, References 7
GithubExploit
added 2026/02/04 9:48 p.m., 137 views

Exploit for CVE-2025-69906

make it a readme.md to paste into it CVE-2025-69906: Monstra...

8.8 CVSS, 6.5 AI score, 0.02034 EPSS
Exploits 6
CVE
added 2026/02/04 8:25 p.m., 5 views

CVE-2026-0944

The CVE-2026-0944 entry concerns Drupal Group Invite. Affected: Drupal Group invite module versions before 2.3.9, before 3.0.4, and before 4.0.4. Description: an improper check for unusual or exceptional conditions enables forceful browsing, effectively an access-bypass vulnerability. Impact: una...

5.3 CVSS, 5.3 AI score, 0.00043 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2026/02/04 8:25 p.m., 2 views

CVE-2026-0944 Group invite - Moderately critical - Access bypass - SA-CONTRIB-2026-001

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing. This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4...

5.3 AI score, 0.00043 EPSS
Exploits 0, References 1
CNNVD
added 2026/02/04 12:0 a.m., 2 views

Drupal Group invite security vulnerability

Drupal Group invite is a membership invitation module provided by the Drupal company. Versions prior to 2.3.9, 3.0.4, and 4.0.4 of Drupal Group invite contained security vulnerabilities. These vulnerabilities were due to improper exception condition checks, which could lead to forced browsing...

5.3 CVSS, 5.8 AI score, 0.00043 EPSS
Exploits 0, References 2
OSV
added 2026/01/21 12:0 p.m., 3 views

RUSTSEC-2026-0079 `DynFuture` drop can construct a dangling reference

DynFuture is unsound because its Drop implementation transmutes a trait-object reference into unrelated reference types, which constructs an invalid reference from trait object metadata. This issue was reproduced against dyn-future 3.0.4 under Miri. And the crate is unmaintained...

5.8 AI score
Exploits 0, References 3
Oracle linux
added 2026/01/21 12:0 a.m., 5 views

gimp security update

2:3.0.4-1.2 - fix CVE-2025-14422 - fix CVE-2025-14423 - fix CVE-2025-14424 - fix CVE-2025-14425 2:3.0.4-1.1 - fix CVE-2025-10920 - fix CVE-2025-10921 - fix CVE-2025-10922 - fix CVE-2025-10923 - fix CVE-2025-10924 - fix CVE-2025-10925 - fix CVE-2025-10934...

7.8 CVSS, 7.2 AI score, 0.00743 EPSS
Exploits 1
RedhatCVE
added 2026/01/13 10:53 p.m., 2 views

CVE-2025-13967

The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formname' parameter of the woodpecker-connector shortcode in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS, 5 AI score, 0.00059 EPSS
Exploits 0, References 1