CVE-2026-44672 mapfish-print: Remote Code Injection (RCE) in Dynamic table

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...

CVE-2026-3496

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'checkindate' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

VMware Spring Boot 安全漏洞

VMware Spring Boot is an open-source framework developed by VMware, a US-based company. Versions of VMware Spring Boot prior to 4.0.3, 3.5.11, and 3.4.15 contained security vulnerabilities. These vulnerabilities stemmed from applications that required authentication when specific paths were...

CVE-2026-1463 Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

PT-2026-26087

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

EUVD-2026-11158

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'checkindate' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVE-2026-3496

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'checkindate' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVE-2026-3496 JetBooking <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'checkindate' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVE-2026-3496

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'checkindate' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability

WordPress Ally - Web Accessibility & Usability plugin = 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Ally versions = 4.0.3...

CVE-2026-27818

TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...

CVE-2026-27818

TerriaJS-Server (Node.js Express) has a validation bug in versions prior to 4.0.3 that allows proxying of domains not explicitly allowed in the proxyableDomains allowlist. The issue is fixed in version 4.0.3. Impact is that unapproved domains could be proxied; explicit exploit details or in‑the‑w...

CVE-2026-27818 TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist

TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...

CVE-2026-27818 TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist

TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...

org.apache.syncope.client.am:syncope-client-am-console (>=4.0.0 <=4.0.3), org.apache.syncope.client.am:syncope-client-am-enduser (>=4.0.0 <=4.0.3) +12 more potentially affected by CVE-2026-23794 via org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (>=4.0.0-M0 <=4.0.3)

org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui MAVEN version =4.0.0-M0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.3 - org.apache.syncope.ext.scimv2:syncope-ext-scimv2-client-console...

CVE-2026-23794

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...

CVE-2026-22037

The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...

EUVD-2026-3320

@fastify/express vulnerable to Improper Handling of URL Encoding Hex Encoding...

CVE-2026-22037 @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...

CVE-2026-22037 @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...