360solutions-bc-mcp (>=0.5.3 <=0.5.6), 3di-cmd-client (>=0.0.1a0 <=0.0.3) +1507 more potentially affected by CVE-2026-48526 via pyjwt (>=0.2.1 <=2.12.1)

pyjwt PYPI version =0.2.1, =0.5.3, =0.0.1a0, =0.1.1, =1.0.0, =2.0.0, =1.1.1, =0.8.44.4, =0.1.0, =0.1.1, =0.1.1, =0.1.5 - affo-user-service =1.0.4 and more Source cves: CVE-2026-48526 Source advisory: OSV:PYSEC-2026-179...

WordPress Query Shortcode plugin <= 0.2.1 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Query Shortcode versions = 0.2.1...

CVE-2026-9200 Query Shortcode <= 0.2.1 - Authenticated (Contributor+) Local File Inclusion via 'lens' Shortcode Attribute

The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the...

MindSQL SQL注入漏洞

MindSQL is an open-source database interaction and retrieval enhancement generation library developed by MindInventory. Versions of MindSQL 0.2.1 and earlier contained a SQL injection vulnerability. This vulnerability stemmed from the askdb function in the mindsql/core/mindsqlcore.py file, which...

MindSQL 代码注入漏洞

MindSQL is an open-source database interaction and retrieval enhancement generation library developed by MindInventory. Versions of MindSQL 0.2.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from the askdb function in the mindsql/core/mindsqlcore.py file, which...

CVE-2026-25651

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...

client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

Summary Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. Vulnerable Code javascript //...

EUVD-2026-5630

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...

CVE-2026-25651 client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...

CVE-2026-25651

CVE-2026-25651 affects the Node.js middleware client-certificate-auth. Versions 0.2.1 and 0.3.0 contain an open redirect vulnerability caused by unvalidated Host header handling in the HTTP-to-HTTPS redirect (redirecting to https://), enabling attackers to redirect users to arbitrary domains. Pub...

WordPress Download Media Library plugin <= 0.2.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Download Media Library versions = 0.2.1...

CVE-2025-66219

willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...

willitmerge 命令注入漏洞

willitmerge is a command line tool by the individual developer Kyle Robinson Young. A command injection vulnerability exists in willitmerge version 0.2.1 and earlier, which stems from improper use of the Unsafe Sub-Process Execution API and can lead to command injection...

CVE-2025-12712

CVE-2025-12712 (Shouty WordPress plugin) vulnerable in all versions up to 0.2.1 due to insufficient input sanitization and output escaping on shouty shortcode attributes, enabling stored cross-site scripting. Exploitation requires authenticated access at Contributor level or higher; an attacker c...

CVE-2025-58172 drawnix debug logging cross-site scripting vulnerability

drawnix is an all in one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting XSS vulnerability exists in the debug logging functionality. User controlled content is inserted directly into the DOM via innerHTML without sanitization when the global function...

PT-2024-33352 · Unknown · Feed Comments Number

Name of the Vulnerable Software and Affected Versions: Feed Comments Number versions 0.2.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited by uploading malicious files,...

PT-2024-29457 · Unknown · Lin-Cms Springboot

Name of the Vulnerable Software and Affected Versions: lin-CMS Springboot versions 0.2.1 and before Description: The issue allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. Recommendations: For versions 0.2.1 and before, consider...

Wordpress plugin WP-CORS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

@bigab/gulp-testee (>=0.0.1 <=0.0.2), books-fe-polymer-dev-sample (=1.0.0) +13 more potentially affected by CVE-2021-23330 via launchpad (>=0.2.1 <=0.7.5)

launchpad NPM version =0.2.1, =0.0.1, =0.3.1, =0.0.1, =0.0.1, =1.0.1, =0.2.0, =0.0.1, =0.0.5, =2.0.15, =1.0.1, =2.0.3, =3.4.2 Source cves: CVE-2021-23330 Source advisory: SNYK:JS-LAUNCHPAD-1044065...