CVE-2026-2948
The vulnerability CVE-2026-2948 affects the Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress (versions ≤ 3.5.3). It permits Server-Side Request Forgery via the import_images() function, exploitable by authenticated users with contributor-level access or higher. T...
CVE-2026-7700
A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...
Axios: Header Injection via Prototype Pollution
Summary A prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type checking of the data payload, where if Object.prototype is polluted with getHeaders,...
OpenClaw Security Vulnerability
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.10 to 2026.4.14 contained security vulnerabilities. These vulnerabilities stemmed from a lack of authorization handling in Microsoft Teams SSO call processing programs. The system...
PT-2026-37316
Name of the Vulnerable Software and Affected Versions ciguard versions 0.8.0 through 0.8.1 Description The discover pipeline files function in src/ciguard/discovery.py improperly handles symlinks when walking a directory tree. An attacker who can place a symlink in a directory being scanned can...
PT-2026-36996
Name of the Vulnerable Software and Affected Versions fast-uri versions prior to 3.1.2 Description The normalize function decoded percent-encoded authority delimiters within the host component and re-emitted them as raw delimiters during serialization. This allows a host combining an allowed...
ROS-20260505-73-0027
A vulnerability in the appendChild and clearidcache functions of the Python programming language interpreter CPython is related to algorithmic complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
PT-2026-36962
The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import images function. This makes it possible for authenticated attackers, with contributor-level access and above, ...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient data validation in the InterestGroups function, which could allow remote attackers to exploit...
PT-2026-37223
Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow exists in the CGI Handler component within the /user group.asp file. This issue occurs in the sprintf function and can be triggered remotely through manipulation. Recommendations ...
Lightweight Vulnerability Detection from Code Metrics and Token Features
Vulnerability detection for C/C++ code increasingly relies on heavy representations such as code graphs and deep models, while many practical workflows still benefit from fast and reproducible ranking baselines for human triage. This preprint studies a lightweight function-level vulnerability...
PT-2026-37249
Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...
WordPress plugin Betheme Path Traversal Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
VulnCheck KEV: CVE-2024-11349
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sbloginuserwithotpfun function. This makes it possible for unauthenticat...
ROS-20260505-73-0025
A vulnerability in the appendChild and clearidcache functions of the Python programming language interpreter CPython is related to algorithmic complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
PT-2026-37084
Name of the Vulnerable Software and Affected Versions Crestron devices affected versions not specified Description A hidden console command contains a command injection flaw occurring when control characters are passed to its second argument. This issue exists in the way the console command is...
Wireshark MCP Server Command Injection Vulnerability
Wireshark MCP Server is a network packet capture and analysis tool developed by AG Personal Developers. Wireshark MCP Server has a command injection vulnerability, which stems from an issue with the quickcapture function in the pysharkmcp.py file. This vulnerability may lead to command injection v...
ROS-20260505-73-0022
A vulnerability in the os.path.expandvars function of the Python programming language interpreter is associated with uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker to cause a denial of service...
PT-2026-37283
Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.1.3 Description The MCP HTTP transport accepts JSON-RPC tools/call requests without requiring authentication, sessions, origins, or token checks, dispatching them directly to the orchestrator's tool registry...
OpenClaw Security Vulnerability
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from issues with the check time and usage time in the validateScriptFileForShellBleed function. This could...