
38 matches found

CVE
added 6 days ago, 9 views

CVE-2026-45544

CVE-2026-45544 affects Nextcloud Tables, part of the Nextcloud platform. From version 0.8.0 to before 1.0.4, the view filter criteria were exposed to users with read-only permissions, enabling potential disclosure of metadata through the table view. The issue is mitigated by upgrading to Nextcloud...

4.3 CVSS, 5.7 AI score, 0.00012 EPSS
Exploits 0, References 3, Affected Software 1

CNNVD
added 2026/04/29 12:0 a.m., 5 views

DNStwist MCP Server command injection vulnerability

DNStwist MCP Server is a domain name security detection tool developed by Burt personally. Versions of DNStwist MCP Server 1.0.4 and earlier contained a command injection vulnerability. This vulnerability stemmed from the fuzzdomain function in the src/index.ts file, where the Request operation o...

7.5 CVSS, 7.1 AI score, 0.01715 EPSS
Exploits 0, References 1

vulnersOsv
added 2026/04/22 5:40 p.m., 7 views

@ainsleydev/payload-helper (>=0.0.1 <=0.0.2), @bsct/payload (=1.0.0) +97 more potentially affected by CVE-2026-41690 via i18next-http-middleware (>=1.0.4 <=3.9.2)

i18next-http-middleware NPM version =1.0.4, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.2, =0.1.1, =8.0.0, =3.0.0, =1.0.0, =1.0.6, =1.0.8 and more Source cves: CVE-2026-41690 Source advisory: OSV:GHSA-5FGG-JCPF-8JJW...

8.6 CVSS, 5.8 AI score, 0.00099 EPSS
Exploits 0

Cvelist
added 2026/03/25 4:15 p.m., 25 views

CVE-2026-32520 WordPress RewardsWP plugin <= 1.0.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation. This issue affects RewardsWP: from n/a through <= 1.0.4...

9.8 CVSS, 0.00062 EPSS
Exploits 0, References 1

vulnersOsv
added 2026/03/13 8:56 p.m., 0 views

akurdyukov-tap-clickhouse (=0.0.1), asdjgasdghasdhjgasghd (=1.0.7) +81 more potentially affected by CVE-2026-32640 via simpleeval (>=0.9.1 <=1.0.4)

simpleeval PYPI version =0.9.1, =0.1.4, =0.1.0, =1.0.6, =0.0.5, =1.1.0, =0.1.3, =0.1.0, =0.3.0b1, =0.2.0, =0.1.0, =1.0.8 and more Source cves: CVE-2026-32640 Source advisory: OSV:GHSA-44VG-5WV2-H2HG...

9.8 CVSS, 7.2 AI score, 0.00052 EPSS
Exploits 0

Patchstack
added 2026/01/24 3:6 a.m., 11 views

WordPress ZT Captcha plugin <= 1.0.4 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin ZT Captcha versions <= 1.0.4...

4.3 CVSS, 5.5 AI score, 0.00009 EPSS
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2025/12/31 6:32 p.m., 1 views

CVE-2025-66151 WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Countdowner for Elementor countdowner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Countdowner for Elementor: from n/a through <= 1.0.4...

5.4 CVSS, 5.9 AI score, 0.00043 EPSS
Exploits 0, References 1

CNNVD
added 2025/12/06 12:0 a.m., 1 views

WordPress plugin TR Timthumb cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site...

6.4 CVSS, 5.7 AI score, 0.00031 EPSS
Exploits 0, References 4

RedhatCVE
added 2025/12/03 8:1 p.m., 3 views

CVE-2025-13542

The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlmsregisteruserfrontend' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to...

9.8 CVSS, 6.1 AI score, 0.00184 EPSS
Exploits 0, References 1

vulnersOsv
added 2025/11/17 6:30 a.m., 5 views

io.github.wwwlike:vlife-boot-starter-web (>=1.0.4 <=1.0.7), io.github.wwwlike:vlife-core (>=1.0.4 <=1.0.7) +2 more potentially affected by CVE-2025-13266 via io.github.wwwlike:vlife-base (>=1.0.4 <=1.0.7)

io.github.wwwlike:vlife-base MAVEN version =1.0.4, =1.0.4, =1.0.4, =1.0.4, =1.0.2, =1.0.7 Source cves: CVE-2025-13266 Source advisory: OSV:GHSA-CG6M-9276-QPJJ...

6.9 CVSS, 6 AI score, 0.00051 EPSS
Exploits 0

Positive Technologies
added 2025/10/29 12:0 a.m., 2 views

PT-2025-44270

Name of the Vulnerable Software and Affected Versions: Thumbnail Slider With Lightbox versions up to and including 1.0.4 Description: The Thumbnail Slider With Lightbox plugin for WordPress is susceptible to SQL Injection through the id parameter. Insufficient escaping of user-supplied input and...

4.9 CVSS, 6.6 AI score, 0.00028 EPSS
Exploits 0, References 7

vulnersOsv
added 2025/10/26 6:30 a.m., 1 views

freiburg-ris-ca (=0.1.0), katalyst (=0.9.1) +2 more potentially affected by CVE-2025-8709 via langgraph-checkpoint-sqlite (>=1.0.4 <=2.0.10)

langgraph-checkpoint-sqlite PYPI version =1.0.4, =0.1.0a1, =0.1.0a24 Source cves: CVE-2025-8709 Source advisory: OSV:GHSA-4H97-WPXP-3757...

7.3 CVSS, 7 AI score, 0.00018 EPSS
Exploits 0

CNNVD
added 2025/09/05 12:0 a.m., 1 views

WordPress plugin Media Author security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...

5.5 CVSS, 6.5 AI score, 0.00068 EPSS
Exploits 0, References 1

OSV
added 2025/08/29 3:15 p.m., 2 views

CVE-2025-9654

A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve...

5.3 CVSS, 7.2 AI score
Exploits 0, References 5

vulnersOsv
added 2025/08/14 6:52 p.m., 4 views

rs265_text-based-adventure-game (>=1.0.4 <=1.0.6) potentially affected by unknown CVE via halk (=0.0.1-security)

halk NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on halk and may be impacted: - rs265_text-based-adventure-game =1.0.4, =1.0.6 Source cves: unknown CVE Source advisory: OSV:MAL-2025-22133...

5.8 AI score
Exploits 0

Patchstack
added 2025/08/11 9:59 p.m., 3 views

WordPress Wp chart generator plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpchart Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via wpchart Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin Wp chart generator versions <= 1.0.4...

6.4 CVSS, 5.5 AI score, 0.00057 EPSS
Exploits 0, References 1, Affected Software 1

CNNVD
added 2025/06/27 12:0 a.m., 4 views

WordPress plugin Free Downloads EDD Cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5 CVSS, 5.7 AI score, 0.00143 EPSS
Exploits 0, References 2

Positive Technologies
added 2025/04/02 12:0 a.m., 2 views

PT-2025-14545 · Bl-Ac2100 · Bl-Ac2100

Name of the Vulnerable Software and Affected Versions: BL-AC2100 versions 1.0.4 and earlier Description: The issue allows a remote attacker to execute arbitrary code via the enable parameter passed to "/goform/set hidessid cfg", which is not handled properly. Recommendations: For BL-AC2100 versio...

9.8 CVSS, 7.2 AI score, 0.06129 EPSS
Exploits 1, References 9

CNNVD
added 2025/03/27 12:0 a.m., 2 views

WordPress plugin Job Colors for WP Job Manager cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

5.9 CVSS, 8 AI score, 0.00173 EPSS
Exploits 0, References 2

Patchstack
added 2025/01/16 6:42 p.m., 1 views

WordPress Login Watchdog plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Zlrqh in WordPress Plugin Login Watchdog versions <= 1.0.4...

7.1 CVSS, 6.1 AI score, 0.00346 EPSS
Exploits 0, Affected Software 1