27 matches found
CVE-2026-48814
Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions
EUVD-2026-36839
Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.7.2 versions...
WordPress AutomatorWP plugin <= 5.7.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin AutomatorWP versions = 5.7.2...
CVE-2026-25223
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...
CVE-2026-25223 Fastify's Content-Type header tab character allows body validation bypass
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...
Fastify's Content-Type header tab character allows body validation bypass
Impact A validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the serve...
PT-2026-6444
Impact A validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character t followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server...
CVE-2026-24381
Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through 5.7.2...
CVE-2026-24381
Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through 5.7.2...
CVE-2026-24381 WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through 5.7.2...
CVE-2026-24381
CVE-2026-24381 is a SSRF in PhotoMe photome (WordPress theme/plugin) affecting PhotoMe versions before 5.7.2. Public disclosures in multiple feeds confirm an unauthenticated SSRF; Red Hat, CIRCL, NVD, and Wordfence reference this entry. The issue targets the PhotoMe photome component; remediation...
MilleGPG5 security vulnerabilities
MilleGPG5 is an application developed by MilleGPG company. Version 5.7.2 of MilleGPG5 contains a security vulnerability. This vulnerability stems from allowing authenticated users to modify the service executable files located in the MariaDB bin directory, potentially leading to local privilege...
CVE-2025-11369
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability checks on the getinstagramaccesstokencallback, googlemapapikeysavecallback and getsiteinfo functions in all...
CVE-2025-11369 Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability checks on the getinstagramaccesstokencallback, googlemapapikeysavecallback and getsiteinfo functions in all...
CVE-2020-36864 Nagios XI < 5.7.2 XSS via Dashboard Background Color Setting
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting XSS via the background color settings in Dashboards. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2020-36864 Nagios XI < 5.7.2 XSS via Dashboard Background Color Setting
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting XSS via the background color settings in Dashboards. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
PT-2025-44547
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.2 Description Nagios XI versions prior to 5.7.2 are susceptible to cross-site scripting XSS through the background color settings within Dashboards. This is due to inadequate validation or escaping of...
Nagios XI 安全漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.7.2 that stems from the upload handler not...
PT-2025-44549
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.2 Description Nagios XI versions prior to 5.7.2 are susceptible to cross-site scripting XSS through the Manage Users page within the Admin interface. This is due to inadequate validation or escaping of...
CVE-2024-30513
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.2...