WordPress plugin Keep Backup Daily 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-3577

CVE-2026-3577 affects the Keep Backup Daily plugin for WordPress. It is a Stored XSS via the backup title alias (val parameter) in the update_kbd_bkup_alias AJAX action, affecting all versions up to and including 2.1.2. The issue stems from insufficient input sanitization and output escaping: san...

CVE-2026-3577 Keep Backup Daily <= 2.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title

The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the backup title alias val parameter in the updatekbdbkupalias AJAX action in all versions up to, and including, 2.1.2. This is due to insufficient input sanitization and output escaping. While...

CVE-2026-3577

The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the backup title alias val parameter in the updatekbdbkupalias AJAX action in all versions up to, and including, 2.1.2. This is due to insufficient input sanitization and output escaping. While...

ANT-2026-HY56VRSB · nginx · Heap

heap-buffer-overflow high CVE-2026-27654 Severity Claude high · Security research firm - · Maintainer - Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Calif. ANT-2026-HY56VRSB: Heap buffer overflow in...

PT-2026-26723

The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the backup title alias val parameter in the update kbd bkup alias AJAX action in all versions up to, and including, 2.1.2. This is due to insufficient input sanitization and output escaping. While sanitize...

GHSA-4FCP-JXH7-23X8 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

Summary dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...

Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

Summary dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...

PT-2026-26480

Name of the Vulnerable Software and Affected Versions Dasel versions 3.0.0 through 3.3.1 Description Dasel’s YAML reader is susceptible to excessive CPU and memory consumption when processing YAML data supplied by an attacker. This occurs because the library’s UnmarshalYAML implementation...

Important: 389-ds-base

Issue Overview: A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for...

389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...

CVE-2026-32232

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...

CVE-2026-32232 ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...

CVE-2026-32232

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...

CVE-2026-32232 ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This vulnerability is fixed in 0.7.6...

PT-2026-25043

CVE-2026-32232 ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass, TOCTOU Between Validation and Use, and Hardlink Alias Bypass. This… https://t.co/rVG7NT7AHt...

EUVD-2026-11184

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

CVE-2026-1497 Incorrect privilege assignment in composite databases

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

CVE-2026-1497

Neo4j Enterprise suffers an incorrect namespace resolution in composite databases, before versions 2026.02 and 5.26.22. An admin granting access to a remote constituent "namespace.name" can inadvertently grant privileges to any local database or remote alias named "name"; if that target doesn’t e...

389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...