CVE-2026-6179

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser...

WordPress plugin Coinbase Commerce for Contact Form 7 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVE-2026-3773

The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

WordPress plugin Accessibility Suite by Ability, Inc 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

WordPress plugin AcyMailing 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

ABB Ability Symphony Plus Engineering

SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. The ABB S+ Engineering product versions are affected by vulnerabilities in PostgreSQL version 13.11 and earlier versions. If an attacker gains access to a site’s S+ Client Server network, they...

WordPress plugin Hustle 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin MDJM Event Management 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress plugin WP Recipe Maker 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin PDF Invoices & Packing Slips for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress plugin Activity Log for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVE-2026-1774

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...

@abip/scp-common (=1.0.1-alpha.0), @akemona-org/strapi-admin (>=3.7.0 <=3.19.3) +402 more potentially affected by CVE-2026-1774 via @casl/ability (>=2.4.2 <=6.7.3)

@casl/ability NPM version =2.4.2, =3.7.0, =0.2.0, =0.3.1, =4.25.19-patch.1, =0.0.1, =0.0.1, =0.1.0, =1.7.0, =0.7.1, =0.13.85 and more Source cves: CVE-2026-1774 Source advisory: OSV:GHSA-X9VF-53Q3-CVX6...

Prototype Pollution

Overview @casl/ability is a CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access Affected versions of this package are vulnerable to Prototype Pollution via the rulesToFields which handles object properties. An attacker can inject...

@abip/scp-common (=1.0.1-alpha.0), @akemona-org/strapi-admin (>=3.7.0 <=3.19.3) +402 more potentially affected by CVE-2026-1774 via @casl/ability (>=2.4.2 <=6.7.3)

@casl/ability NPM version =2.4.2, =3.7.0, =0.2.0, =0.3.1, =4.25.19-patch.1, =0.0.1, =0.0.1, =0.1.0, =1.7.0, =0.7.1, =0.13.85 and more Source cves: CVE-2026-1774 Source advisory: SNYK:JS-CASLABILITY-15268419...

CVE-2026-1774

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...

CVE-2026-1774 CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...

CVE-2026-1774 CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...

CVE-2026-1774

CASL Ability (versions 2.4.0–6.7.4) contains a prototype pollution vulnerability likely via the extra/rulesToFields path handling, allowing manipulation of Object.prototype. Affected components include the setByPath logic within the prototype pollution surface; impact can range from DoS to potent...

PT-2026-7279

Name of the Vulnerable Software and Affected Versions CASL Ability versions 2.4.0 through 6.7.4 Description CASL Ability contains a prototype pollution vulnerability. This issue affects versions 2.4.0 through 6.7.4. Prototype pollution occurs when an attacker manipulates the properties of...