CVE-2026-43827

CVE-2026-43827 affects Apache Shiro. In affected versions (1.0–2.1.0 and 3.0.0-alpha-1), an existing session is not invalidated nor a new session with a new ID issued after login, enabling session fixation. Upgraded fixes are available in 2.1.1 and 3.0.0-alpha-2 or later; apply the patch to mitig...

@agentscope-ai/chat (>=1.1.43 <=1.1.66), @ant-design/charts (>=2.2.2 <=2.6.7) +72 more potentially affected by unknown CVE via @antv/g-svg (>=2.0.0 <=2.1.1)

@antv/g-svg NPM version =2.0.0, =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.1.0, =2.0.0, =2.0.0, =0.1.6, =0.1.0, =0.1.0, =1.2.0, =2.0.28, =0.0.18, =0.0.23 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGSVG-16754949...

@antv/g2-extension-3d (>=0.2.0 <=1.0.0), @antv/g6-extension-3d (>=0.1.0 <=0.1.23) potentially affected by unknown CVE via @antv/g-plugin-3d (>=2.0.42 <=2.1.1)

@antv/g-plugin-3d NPM version =2.0.42, =0.2.0, =0.1.0, =0.1.23 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGIN3D-16754988...

amf 缓冲区错误漏洞

AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability, which stems from issues with the NGAP Message Handler component. This vulnerability may lead to memory corruption...

PT-2026-36824

Name of the Vulnerable Software and Affected Versions auth versions 1.18.0 through 1.25.1 auth versions 2.0.0 through 2.1.1 Description The Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID instead of deriving a unique ID from the account returned by Patreo...

4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +573 more potentially affected by CVE-2026-33671 via picomatch (>=2.1.1 <=2.3.1)

picomatch NPM version =2.1.1, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33671 Source advisory: SNYK:JS-PICOMATCH-15765511...

EUVD-2026-10906

Wisp Vulnerable to Path Traversal...

CVE-2026-28807

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

01os (=0.0.14), 10xscale-agentflow-cli (>=0.3.0 <=0.3.1) +11560 more potentially affected by CVE-2025-69534 via markdown (>=2.1.1 <=3.8.0)

markdown PYPI version =2.1.1, =0.3.0, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 - aait-store-cut-part-002 =0.0.1 and more Source cves: CVE-2025-69534 Source advisory: OSV:GHSA-5WMX-573V-2QWQ...

WordPress LC Wizard plugin <= 2.1.1 - Settings Change vulnerability

Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin LC Wizard versions = 2.1.1...

PT-2026-4224

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through = 2.1.1...

WordPress Directorist Social Login plugin <= 2.1.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Directorist Social Login versions = 2.1.1...

WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Roam versions = 2.1.1...

CVE-2025-49902

The CVE-2025-49902 entry concerns the WordPress plugin Login Page Customizer – Customizer Login Page, Admin Page, Custom Design (versions

CVE-2025-12070

CVE-2025-12070 pertains to the WordPress ViaAds plugin up to version 2.1.1, where CSRF is possible due to missing nonce validation in the ViaAds_pluginHandler. This allows unauthenticated attackers to alter the plugin’s API key and cookie consent settings by sending forged requests that trick an ...

CVE-2025-11579

github.com/nwaples/rardecode versions =2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash...

CVE-2025-11579 DoS via Out Of Memory Crash

github.com/nwaples/rardecode versions =2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash...

PT-2025-39936

Name of the Vulnerable Software and Affected Versions The Big Post Shipping for WooCommerce plugin versions prior to 2.1.2 Description The software is susceptible to Stored Cross-Site Scripting through the 'wooboigpost shipping status' shortcode. Insufficient input sanitization and output escapin...

PT-2025-33270 · Unknown · Jeecgboot Jimureport

Name of the Vulnerable Software and Affected Versions: jeecgboot JimuReport versions up to 2.1.1 Description: A vulnerability exists in jeecgboot JimuReport up to version 2.1.1, related to an unknown functionality within the /drag/onlDragDataSource/testConnection file of the Data Large Screen...

CVE-2023-23891

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...