CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

WordPress Builderall Builder for WordPress Plugin <= 2.0.1 is vulnerable to Server Side Request Forgery (SSRF)

Software Builderall Builder for WordPress Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-30532 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 22729fc307...

WordPress Taboola Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Taboola Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-38398 Patch priority Low CVSS severity Low 4.3 Developer Taboola PSID a9d8aba5124e Credits Nguyen Xuan Chien Required privileg...