1byte-react-design (>=1.7.1 <=1.14.0), @aaf-comp/graph-widget (>=1.0.0 <=1.0.3) +261 more potentially affected by unknown CVE via @antv/g-canvas (>=2.0.0 <=2.2.0)

@antv/g-canvas NPM version =2.0.0, =1.7.1, =1.0.0, =1.1.43, =5.0.48, =1.0.1, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =0.5.6, =1.1.0, =1.1.0, =2.0.0, =2.1.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGCANVAS-16754493...

@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0) potentially affected by unknown CVE via @antv/thumbnails-component (=2.0.0)

@antv/thumbnails-component NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/thumbnails-component and may be impacted: - @antv/auto-chart =2.0.0, =2.1.0-alpha.0 Source cves: unknown CVE Source advisory:...

CVE-2026-5252

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-4513 via vanna (>=0.0.30 <=2.0.2)

vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4513 Source advisory: SNYK:PYTHON-VANNA-15756488...

EUVD-2025-208300

Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive Data.This issue affects WP Booking System: from n/a through = 2.0.19.12...

CVE-2025-14144

CVE-2025-14144 affects Mstoic Shortcodes for WordPress. The vulnerability is a stored XSS via the start attribute of the ms_youtube_embeds shortcode, present in all versions up to and including 2.0, due to insufficient input sanitization and output escaping. Exploitation requires authentication a...

WordPress Binary MLM Woocommerce plugin <= 2.0 - Reflected Cross-Site Scripting via 'page' vulnerability

Reflected Cross-Site Scripting via 'page' vulnerability discovered by vgo0 in WordPress Plugin Binary MLM Woocommerce versions = 2.0...

Kissflow Work Platform 安全漏洞

Kissflow Work Platform is a low-code process automation platform from Kissflow, Inc. in the United States. A security vulnerability exists in Kissflow Work Platform versions v2.0 through v4.2, which originates from the injection of a specially crafted payload and could lead to a stored cross-site...

CVE-2025-59691

PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed or blocked. In th...

Zevenet Zen Load Balancer 安全漏洞

Zevenet Zen Load Balancer is an application delivery controller from Zevenet, Spain. A security vulnerability exists in Zevenet Zen Load Balancer version 2.0 and 3.0-rc1, which stems from an unvalidated filelog parameter being passed directly to the exec function, which could lead to remote code...

WordPress plugin Asset-Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

IBM Analytics Content Hub 安全漏洞

IBM Analytics Content Hub is a clean streaming experience from International Business Machines IBM that visualizes relevant analytics by extracting content from IBM and other analytics providers. A security vulnerability exists in IBM Analytics Content Hub versions 2.0, 2.1, 2.2, and 2.3 that ste...

@async-atharv/ipaship (>=1.2.1 <=1.2.2), @bentwnghk/chat (>=1.85.2 <=1.107.2) +96 more potentially affected by CVE-2025-53548 via @clerk/backend (>=2.0.0 <=2.33.5)

@clerk/backend NPM version =2.0.0, =1.2.1, =1.85.2, =0.0.1, =3.0.3, =0.1.0, =2.8.0-snapshot.v20250514155045, =1.5.0-snapshot.v20250514155045, =2.3.0, =6.20.0-snapshot.v20250514155045, =1.7.0, =1.5.0, =4.8.0, =0.16.0, =1.7.0-snapshot.v20250514155045, =1.0.4, =1.0.7 and more Source cves:...

CVE-2025-5956

The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajaxdeleteemployee function in versions 2.0.0 through 2.2.17. The plugin’s deletion handler reads the client-supplied $POST'delete' array and passes each ID...

CVE-2025-47626

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in apasionados Submission DOM tracking for Contact Form 7 allows Stored XSS. This issue affects Submission DOM tracking for Contact Form 7: from n/a through 2.0...

WordPress plugin Salesmate Add-On for Gravity Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in WordPress...

WordPress WP Hide Admin Bar plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP Hide Admin Bar versions = 2.0...

WordPress Simple Download Counter plugin <= 2.0 - Authenticated (Author+) Arbitrary File Read vulnerability

Authenticated Author+ Arbitrary File Read vulnerability discovered by omstaendlig in WordPress Plugin Simple Download Counter versions = 2.0...

WordPress WP Media Category Management plugin 2.0-2.3.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by luckybuddy in WordPress Plugin WP Media Category Management versions 2.0-2.3.3...

WordPress plugin Show notice or message on admin area 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...