30 matches found
CVE-2026-8149
CVE-2026-8149 affects Legion of the Bouncy Castle BC-FJA/BC-FIPS on Linux x86_64 with AVX/AVX-512f. Vulnerable components: gcm128w and gcm512w; affected versions: 2.1.0–2.1.2. Root cause details and specific fixes are not provided in the documents. No exploitation details are included. No remed...
WordPress Petje.af plugin <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action vulnerability
Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action vulnerability discovered by theviper17y in WordPress Plugin Petje.af versions <= 2.1.8...
PT-2026-31565
Name of the Vulnerable Software and Affected Versions: Agions taskflow-ai versions through 2.1.8 Description: A security flaw exists in Agions taskflow-ai up to version 2.1.8. The issue impacts an unknown function within the src/mcp/server/handlers.ts file of the terminal execute component, leading...
WordPress Filestack Official plugin <= 2.1.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Filestack Official versions <= 2.1.0...
CVE-2026-1889 Outgrow <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'outgrow' Shortcode 'id' Attribute
The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the 'outgrow' shortcode in all versions up to, and including, 2.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-24542 WordPress WP Term Order plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery. This issue affects WP Term Order: from n/a through <= 2.1.0...
CVE-2026-24387 WordPress WP Quick Post Duplicator plugin <= 2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Quick Post Duplicator: from n/a through <= 2.1...
ruoyi-go path traversal vulnerability
ruoyi-go is a backend management system for individual developers at lostvip.com. A path traversal vulnerability exists in ruoyi-go 2.1 and earlier versions, which stems from the improper handling of the fileName parameter in the DownloadTmp/DownloadUpload function in the file...
WordPress plugin Revy SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress plugin Caspio Bridge Custom Database Applications by Caspio cross-site scripting vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Caspio Bridge Custom...
au.com.turingg:turingg-files (=0.0.1), au.com.turingg:turingg-mimak (=1.0.0) +874 more potentially affected by CVE-2025-30474 via org.apache.commons:commons-vfs2 (>=2.0 <=2.1)
org.apache.commons:commons-vfs2 MAVEN version =2.0, =0.0.4, =1.0.0, =1.0.0, =3.6.1, =3.11.0, =1.0-alpha-1, =1.0-alpha-1, =0.5, =0.5.1 and more Source cves: CVE-2025-30474 Source advisory: OSV:GHSA-3936-3GX6-49C4...
PT-2025-5927 · Reverbnation · Reverbnation Widgets
Name of the Vulnerable Software and Affected Versions: ReverbNation Widgets versions n/a through 2.1 Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability, specifically Stored XSS. This allows for...
PT-2025-4029 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below Description: An Improper Access Control issue allows an authenticated attacker to obtain chat messages belonging to other users by modifying the CHAT ID parameter in the endpoint "/embedai/chats/load messages?ch...
PT-2025-4472 · Unknown · Pjfc Syncfields
Name of the Vulnerable Software and Affected Versions: PJFC SyncFields versions n/a through 2.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS). This means an attacker can inject malicious script...
WordPress plugin LionScripts cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
BoidCMS security vulnerability
BoidCMS is a free open source flat file CMS from BoidCMS Open Source for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS 2.1.1 and earlier versions, which stems from a Reflected Cross-Site Scripting (XSS) vulnerability ...
WordPress DocumentPress plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin DocumentPress versions <= 2.1...
WordPress plugin Viral Signup security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-25868 · Unknown · Pk Favicon Manager
Name of the Vulnerable Software and Affected Versions: Pk Favicon Manager versions n/a through 2.1 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the Pk Favicon Manager. Recommendations: For versions n/a through 2.1, update to a version that...
CVE-2023-34175
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions...