58 matches found
CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
Kiota abstractions RedirectHandler leaks Cookie and Proxy-Authorization headers on cross-host redirect; affects the npm package kiota-typescript, versions 1.0.0-preview.100...
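The entry above describes credential headers being replayed when a redirect points at a different host. The following added example (not code from the Kiota project or the kiota-typescript package) shows the check a redirect handler should make before following a Location header: compare the origin of the original request with the origin of the redirect target and drop credential-bearing headers when they differ. The Cookie and Proxy-Authorization names come from the entry; including Authorization as well is an assumption made here, and the hostnames and token values are constructed placeholders.

```javascript
// Request headers that carry credentials and must not be replayed to a
// different origin. Cookie and Proxy-Authorization are the two named in the
// advisory entry; Authorization is added here as an assumption following the
// same reasoning.
const CREDENTIAL_HEADERS = ['cookie', 'authorization', 'proxy-authorization'];

// Given the URL a request was sent to, the Location header it received and the
// headers it carried, return the absolute redirect target and the header set to
// use for the follow-up request.
function headersForRedirect(requestUrl, location, headers) {
  const from = new URL(requestUrl);
  const to = new URL(location, from); // Location may be relative to the request URL
  // Normalize header names so 'Cookie' and 'cookie' are treated the same.
  const next = {};
  for (const [name, value] of Object.entries(headers)) {
    next[name.toLowerCase()] = value;
  }
  // URL.origin covers scheme, host and port, so https->http on the same host
  // and a different port both count as a change of origin.
  const crossOrigin = from.origin !== to.origin;
  if (crossOrigin) {
    for (const h of CREDENTIAL_HEADERS) delete next[h];
  }
  return { url: to.href, crossOrigin, headers: next };
}

// Constructed request headers: hostnames and token values are placeholders.
const DEMO_HEADERS = {
  Accept: 'application/json',
  Cookie: 'session=abc123',
  'Proxy-Authorization': 'Basic cHJveHk6c2VjcmV0',
};

const sameHost = headersForRedirect(
  'https://api.example.test/v1/me', '/v1/me/', DEMO_HEADERS);
const otherHost = headersForRedirect(
  'https://api.example.test/v1/me', 'https://other.example.test/collect', DEMO_HEADERS);

console.log('same origin keeps credentials:', sameHost.headers);
console.log('cross origin strips them:', otherHost.headers);
```

A same-origin redirect (including a relative Location) keeps the credential headers, while any change of scheme, host or port removes them before the follow-up request is sent.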
CVE-2026-32736
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation and wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information, including full names and email addresses, to any authenticated...
EUVD-2026-8590
Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover...
CVE-2026-24909
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...
CVE-2026-24909
CVE-2026-24909 concerns the vlt project: vulnerable in versions before 1.0.0-rc.10 due to improper path sanitization in tar extraction, enabling path traversal. In practice, a tar archive with crafted file paths could lead to extraction of files outside the target directory, as described in multi...
EUVD-2026-4860
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...
PT-2026-5031
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...
CVE-2017-18537
The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues...
CVE-2025-65807
An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...
CVE-2025-57806
Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page...
Linux Distros Unpatched Vulnerability : CVE-2020-36568
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation...
CVE-2022-40021
QVidium Technologies Amino A140 prior to firmware version 1.0.0-283 was discovered to contain a command injection vulnerability...
PT-2024-36334 · Pluginscafe · Pluginscafe Advanced Data Table For Elementor
Name of the Vulnerable Software and Affected Versions: Pluginscafe Advanced Data Table For Elementor versions prior to 1.0.0 Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-Site Scripting (XSS). This enables attackers to...
PT-2024-35958 · Unknown · Sp-Php-Email-Handler
Name of the Vulnerable Software and Affected Versions: sp-php-email-handler versions prior to 1.0.0 Description: The sp-php-email-handler PHP package is vulnerable to abuse, allowing malicious actors to specify arbitrary email recipients and include user-provided content in confirmation emails...
PT-2024-33383 · Unknown · Ahime Image Printer
Name of the Vulnerable Software and Affected Versions: Ahime Image Printer versions prior to 1.0.0 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This vulnerability affects Ahime Image Printer,...
Agent Dart trust management issue vulnerability
Agent Dart is an AstroxNetwork open-source agent library for the Internet Computer, built for Dart and Flutter applications. A trust management issue exists in Agent Dart prior to version 1.0.0-dev.29, stemming from certificate validation in lib/agent/certificate.dart not working...
CVE-2024-8601
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit it by manipulating a parameter in the API request URL, which could lead to unauthorized acce...
PT-2024-23736 · Unknown · Anything-Llm
Name of the Vulnerable Software and Affected Versions: anything-llm versions prior to 1.0.0 Description: A remote code execution issue exists due to improper handling of environment variables. Attackers can exploit this by injecting arbitrary environment variables via the "POST...
CVE-2024-31063
Cross-site scripting vulnerability in Insurance Management System v1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field...