5 matches found
CVE-2026-48818
Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...
CVE-2026-30969
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...
WordPress FileOrganizer Plugin <= 1.0.9 is vulnerable to Arbitrary File Upload
Software FileOrganizer Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7985 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 9a28a4363098 Credits TANG Cheuk Hei siunam Required privilege...
WordPress Taxi Booking Manager for WooCommerce Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Taxi Booking Manager for WooCommerce Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43986 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cd7a0b805b0e Credits Sharanabasappa...
WordPress Contact Form by TotalForm Plugin <= 1.0.0 is vulnerable to Backdoor
Software Contact Form by TotalForm Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.1.0 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0dad1dc6ec75 Credits Sansec.io Required privilege Unauthenticated Published ...