8 matches found
Astra Linux – Vulnerability in node-brace-expansion
A vulnerability was discovered in the juliangruber brace-expansion library, up to versions 1.1.11/2.0.1/3.0.0/4.0.0. This issue has been identified as problematic. The affected function is the “expand” function of the file index.js. Manipulation of this function leads to inefficient use of regula...
AI Development Assistant MCP Server 注入漏洞
The AI Development Assistant MCP Server is an AI development assistant developed by Kevin Leneway. Versions of the AI Development Assistant MCP Server 2.0.1 and earlier have a vulnerability due to command injection in the runCodeReviewTool function found in the src/tools/codeReview.ts file, which...
aima (=2023.2.4), appcensus-dynamic-repos (>=2.0.113 <=2.1.117) +27 more potentially affected by CVE-2026-41140 via poetry (>=2.0.1 <=2.3.3)
poetry PYPI version =2.0.1, =2.0.113, =0.0.2, =1.0.7, =0.1.1, =1.5.12, =0.2.0, =0.4.3, =1.5.4, =0.1.2, =0.1.6 and more Source cves: CVE-2026-41140 Source advisory: SNYK:PYTHON-POETRY-16122096...
WordPress plugin BuilderPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-1454 Responsive Contact Form Builder & Lead Generation Plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitization in the lfbleadsanitize function which omits certain...
WordPress Series plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Series versions = 2.0.1...
PT-2025-47802
Name of the Vulnerable Software and Affected Versions Zegen Core versions prior to 2.0.1 Description The Zegen Core plugin for WordPress is susceptible to a Cross-Site Request Forgery CSRF issue leading to Arbitrary File Upload. This is caused by a lack of nonce validation and file type validatio...
PT-2024-37704 · WordPress · Add Admin Css
Name of the Vulnerable Software and Affected Versions: Add Admin CSS plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Full Path Disclosure, which occurs because the plugin uses bootstrap and leaves test files with display errors on. This allows...