78 matches found
CVE-2026-3718
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
EUVD-2026-30246
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
CVE-2026-3718
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
PT-2026-40883
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
CVE-2026-45028
Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...
CVE-2026-45028
Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...
CVE-2025-55449
AstrBotDevs AstrBot 3.5.15 has AdvancedSystemforTextResponseandBotOperationsTool as the hardcoded private key used to sign a JWT...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. In Redis 7.0, before version 7.0.12, extracting key names from a command and a list of arguments could, in some cases, trigger a heap overflow, leading to the reading of random heap memory, heap corruption, and potentially remote code...
CVE-2026-31871
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g.,...
CVE-2026-31871 Parse Server has a SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g.,...
EUVD-2026-11277
Parse Server vulnerable to SQL Injection via dot-notation sub-key name in Increment operation on PostgreSQL...
Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL
Impact A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The sub-key name is interpolated directly into SQL string literals without escaping. An attacker who can send write...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992198)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992198 advisory. In the Linux kernel, the following vulnerability has been resolved: objtool: Fix memory leak in createstaticcallsections strdup allocates memory for keyname. We need...
CVE-2025-62652
CVE-2025-62652 is a stored XSS in the Wikimedia Foundation MediaWiki WebAuthn extension (versions 1.39, 1.43, 1.44). The underlying issue is improper neutralization of input during web page generation, enabling stored Cross-Site Scripting. Affected component: WebAuthn extension for MediaWiki; imp...
CVE-2023-53423
In the Linux kernel, the following vulnerability has been resolved: objtool: Fix memory leak in createstaticcallsections strdup allocates memory for keyname. We need to release the memory in the following error paths. Add free to avoid memory leak...
CVE-2023-53423
In the Linux kernel, the following vulnerability has been resolved: objtool: Fix memory leak in createstaticcallsections strdup allocates memory for keyname. We need to release the memory in the following error paths. Add free to avoid memory leak...
UBUNTU-CVE-2023-53423
In the Linux kernel, the following vulnerability has been resolved: objtool: Fix memory leak in createstaticcallsections strdup allocates memory for keyname. We need to release the memory in the following error paths. Add free to avoid memory leak...
CVE-2023-53423 objtool: Fix memory leak in create_static_call_sections()
In the Linux kernel, the following vulnerability has been resolved: objtool: Fix memory leak in createstaticcallsections strdup allocates memory for keyname. We need to release the memory in the following error paths. Add free to avoid memory leak...
CVE-2023-53423 objtool: Fix memory leak in create_static_call_sections()
In the Linux kernel, the following vulnerability has been resolved: objtool: Fix memory leak in createstaticcallsections strdup allocates memory for keyname. We need to release the memory in the following error paths. Add free to avoid memory leak...
SUSE CVE-2024-52290
LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...