CVE-2026-30242

Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.isloopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses 10.x.x.x, 172.16.x.x...

Freshworks Platform 输入验证错误漏洞

Freshworks Platform is a customer service software platform from Freshworks USA. An input validation error vulnerability exists in Freshworks Platform versions 1.2.3 and earlier, which stems from an open redirect due to a misbehavior of file/api/v2/logout with respect to the parameter...

WordPress AutoListicle plugin <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin AutoListicle versions = 1.2.3...