26078 matches found
GHSA-V25J-WQCW-FVHJ wger has an Uncontrolled Resource Consumption issue
Summary: Any authenticated user can create a routine spanning an arbitrarily long date range (e.g. 100 years) and then trigger the datesequence computation via any of the routine detail endpoints. The server iterates once per day in an unbounded while loop with no maximum duration validation, causin...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the datesequence computation. An attacker can exhaust server resources and deny service to other users by creating routines with extremely large date ranges and triggering endpoin...
CVE-2026-4920
The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2026-39803
creationtimestamp| type| source
---|---|---
2026-05-13 13:31:14+00:00| published-proof-of-concept| https://github.com/mtrudel/bandit/security/advisories/GHSA-9q9q-324x-93r2
2026-05-13 15:57:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlqo6ksu2u2p...
CVE-2026-6828
creationtimestamp| type| source
---|---|---
2026-05-13 07:32:05+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlprwxndqw2c
2026-05-15 02:26:50+00:00| seen| https://bsky.app/profile/donwebmedia.bsky.social/post/3mlubsvnltr2x...
CVE-2026-8388
creationtimestamp| type| source
---|---|---
2026-05-13 06:28:15+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-per-mozilla-firefox
2026-05-13 06:44:38+00:00| seen| https://vulnerability.circl.lu/bundle/eed1dbdf-5a0f-4cc2-9665-fa1ff05b0c1f
2026-05-19 20:00:00+00:00| seen|...
CVE-2017-3107
creationtimestamp| type| source
---|---|---
2026-05-13 05:24:59+00:00| seen| https://bsky.app/profile/adobedigest.bsky.social/post/3mlpktqjvmu26...
Malicious code in knot-date-utils-rb (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious package, part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
MAL-2026-3631 Malicious code in knot-date-utils-rb (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious package, part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
CVE-2026-43685
creationtimestamp| type| source
---|---|---
2026-05-13 01:12:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlp4qnn5722o...
Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037
This module enables you to export entity date fields as iCal feeds. The module doesn't sufficiently check entity or field access or sanitize user inputs when generating iCal feeds. This vulnerability is not mitigated by any permission; the routes are accessible to all anonymous users with no...
CVE-2026-44868
creationtimestamp| type| source
---|---|---
2026-05-12 23:14:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlow4smlga2i...
CVE-2026-44872
creationtimestamp| type| source
---|---|---
2026-05-12 23:11:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlovxghm5q2o
2026-05-18 12:54:13+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116595677754011235...
CVE-2026-23825
creationtimestamp| type| source
---|---|---
2026-05-12 22:12:48+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mlosowixs22c...
CVE-2026-23824
creationtimestamp| type| source
---|---|---
2026-05-12 22:11:07+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mloslwa2kq2e...
CVE-2026-39534
creationtimestamp| type| source
---|---|---
2026-05-12 16:35:45+00:00| seen| https://bsky.app/profile/undercode.bsky.social/post/3mlo7u7vfno26...
CVE-2026-40357
creationtimestamp| type| source
---|---|---
2026-05-12 15:53:28+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0144
2026-05-12 16:38:43+00:00| seen| https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review
2026-05-13 01:08:48+00:00| seen|...
CVE-2026-40418
creationtimestamp| type| source
---|---|---
2026-05-12 15:53:28+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0144
2026-05-12 16:38:43+00:00| seen| https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review
2026-05-13 01:08:48+00:00| seen|...
CVE-2026-41102
creationtimestamp| type| source
---|---|---
2026-05-12 15:53:28+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0144
2026-05-12 16:38:43+00:00| seen| https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review
2026-05-13 01:08:48+00:00| seen|...
CVE-2026-40367
creationtimestamp| type| source
---|---|---
2026-05-12 15:53:28+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0144
2026-05-12 16:38:43+00:00| seen| https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review
2026-05-13 01:08:48+00:00| seen|...