725 matches found
CVE-2026-7634
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
PT-2026-44203
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2026-42748
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...
EUVD-2026-32177
Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...
JLSEC-2026-560
singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...
CVE-2026-40864
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...
CVE-2026-39655
Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7...
PT-2026-43195
Name of the Vulnerable Software and Affected Versions Mayosis Core versions prior to 5.4.7 Description Missing Authorization in TeconceTheme Mayosis Core allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a version later than 5.4.7...
WordPress plugin Mayosis Core 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-47119
An issue in the component luaG runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
PT-2026-47113
Lua 5.4.0 fixed in 5.4.1 has a segmentation fault in changedline in ldebug.c e.g., when called by luaG traceexec because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret
NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret vulnerability discovered by ? in WordPress Npm network-ai versions = 5.4.4...
Security update for openssh
This update for openssh fixes the following issues Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterprise Micro for Rancher 5.3...
CLEANSTART-2026-UO66475 Security fixes for CVE-2026-42304, CVE-2026-44307, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 5.4.6-r0
Multiple security vulnerabilities affect the py3-jupyterhub package. These issues are resolved in later releases. See references for individual vulnerability details...
WordPress Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by gidget smith in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.5.4...
2026-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5087544)
2026-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems KB5087544...
CVE-2026-42051
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2022-50954
creationtimestamp| type| source ---|---|--- 2026-05-10 14:48:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mliywj5zzg2i...
CVE-2026-42174 Kirby: User avatar creation, replacement and deletion are not gated by user update permissions
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...
EUVD-2026-28890
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...