CVE-2026-32441 WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through = 2.4.9...

CVE-2026-32441

Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through = 2.4.9...

CVE-2026-32441 WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through = 2.4.9...

CVE-2026-32441

CVE-2026-32441 is a Missing Authorization vulnerability in the WordPress plugin Comments Import & Export for WooCommerce, affecting versions up to and including 2.4.9. Connected sources confirm the issue type but do not provide exploit vectors, exact root cause, or a published fix in the supplied...

Path Traversal

SiYuan is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the importZipMd function, which allows an authenticated attacker to overwrite arbitrary files on the system and potentially achieve remote code execution...

Malicious code in auth0-ai-ms-agent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e341dbac5b5fcd3b5a882b5ee47e26051b72bacd4d552790c684174ba0e69ae Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

SUSE CVE-2026-30247

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery SSRF through HTTP redirects. While the backend implements comprehensive UR...

SUSE CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

PT-2026-28512

Name of the Vulnerable Software and Affected Versions Metabase Enterprise versions 1.47 through 1.54.21 Metabase Enterprise versions 1.55.0 through 1.55.21 Metabase Enterprise versions 1.56.0 through 1.56.21 Metabase Enterprise versions 1.57.0 through 1.57.15 Metabase Enterprise versions 1.58.0...

PT-2026-28166

Name of the Vulnerable Software and Affected Versions Zoraxy versions prior to 3.3.2 Description Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A path traversal vulnerability exists in the configuration import endpoint /api/conf/import when handling zip file entries. An...

WordPress plugin Comments Import & Export 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-27997

Name of the Vulnerable Software and Affected Versions WebToffee Comments Import & Export versions n/a through 2.4.9 Description An authorization issue exists in WebToffee Comments Import & Export comments-import-export-woocommerce. The issue involves exploiting incorrectly configured access contr...

PT-2026-28155

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...

CVE-2026-33353

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

CVE-2026-33353

CVE-2026-33353 affects Soft Serve: from v0.6.0 to before v0.11.6 an authorization flaw in repo import permits any authenticated SSH user to clone a server-local Git repository (even another user’s private repo) into a new repository under their control. The issue is mitigated by upgrading to v0.1...

CVE-2026-33353 Soft Serve: Authenticated repo import can clone server-local private repositories

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

CVE-2026-33353 Soft Serve: Authenticated repo import can clone server-local private repositories

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

EUVD-2026-14013

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

CVE-2026-33353 Soft Serve: Authenticated repo import can clone server-local private repositories

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

WordPress JupiterX Core plugin <= 4.14.1 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import vulnerability

Authenticated Subscriber+ Missing Authorization To Limited File Upload via Popup Template Import vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin JupiterX Core versions = 4.14.1...