CVE-2026-44886 Pi.Alert: Web Interface Vulnerable to Unauthenticated Blind SQL Injection

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...

GHSA-HH27-HF48-9F5Q LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)

Summary The date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart in src/util/underscore.ts. The pad loop performs unbounded string concatenation without consulting the Context's memoryLimit or renderLimit, so a...

Allocation of Resources Without Limits or Throttling

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the date filter in filters/date.ts and the strftime formatter in...

LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)

Summary The date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart in src/util/underscore.ts. The pad loop performs unbounded string concatenation without consulting the Context's memoryLimit or renderLimit, so a...

CVE-2026-40914

creationtimestamp| type| source ---|---|--- 2026-05-27 17:32:33+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mmtzzmt3ah2e 2026-05-29 11:39:38+00:00| seen| https://bsky.app/profile/cybersecinsight.bsky.social/post/3mmyhafj65s2p...

CVE-2026-48544

creationtimestamp| type| source ---|---|--- 2026-05-27 17:02:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmtydxa2kt2w...

CVE-2026-46624

creationtimestamp| type| source ---|---|--- 2026-05-27 16:37:41+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mmtwwhceoy2u...

CVE-2026-49051

Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...

CVE-2026-45952

creationtimestamp| type| source ---|---|--- 2026-05-27 15:13:10+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116647184733986841...

EUVD-2026-32541

Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...

CVE-2026-49051 WordPress WP Meta and Date Remover plugin <= 2.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...

CVE-2026-49051

CVE-2026-49051 affects the WordPress plugin WP Meta and Date Remover up to version 2.3.6. The issue is a Missing Authorization vulnerability caused by broken access control that allows exploitation through incorrectly configured access levels. Documents indicate affected plugin versions and a med...

CVE-2026-49051 WordPress WP Meta and Date Remover plugin <= 2.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...

WordPress WP Meta and Date Remover plugin <= 2.3.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Meta and Date Remover versions = 2.3.6...

CVE-2026-48903

creationtimestamp| type| source ---|---|--- 2026-05-27 14:35:37+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mmtq56q4l22q...

CVE-2026-45843

creationtimestamp| type| source ---|---|--- 2026-05-27 13:13:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmtljuj43y2t...

CVE-2026-7078

creationtimestamp| type| source ---|---|--- 2026-05-27 12:07:08+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mmthtpldq22r...

CVE-2026-46439

creationtimestamp| type| source ---|---|--- 2026-05-27 11:43:24+00:00| published-proof-of-concept| https://github.com/oscal-compass/compliance-trestle/security/advisories/GHSA-gg2g-p7xc-qqmm...

SUSE CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

CVE-2026-49002

creationtimestamp| type| source ---|---|--- 2026-05-27 10:00:31+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmtarc2msy2e 2026-05-27 12:23:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmtiqiks7s2r...