61603 matches found
GHSA-GG5M-55JJ-8M5G
creationtimestamp| type| source
---|---|---
2026-03-13 09:40:05+00:00| seen| https://gist.github.com/alon710/c7a26a3aa4c5be8cf9da1316183bceec...
CVE-2026-2890 Formidable Forms <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse
The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handle_one_time_stripe_link_return_url marking payment records as complete based solely on the Stripe PaymentIntent status...
GHSA-2F24-MG4X-534Q
creationtimestamp| type| source
---|---|---
2026-03-13 06:40:06+00:00| seen| https://gist.github.com/alon710/741d463a436134d071dd4a30bdde2bd7...
Improper File Handling
zx is vulnerable to Improper File Handling. The vulnerability is due to a logic error in the linkNodeModules and cleanup routines when using the --prefer-local option, which allows unintended deletion of an external /node_modules directory outside the current working directory...
CVE-2024-3838
creationtimestamp| type| source
---|---|---
2026-03-13 02:18:43+00:00| seen| https://bsky.app/profile/undercode.bsky.social/post/3mgvtyi6ljj2z...
model.weights.h5: h5py.ExternalLink at Group level silently followed during load_model(), bypassing CVE-2025-9905 fix — information disclosure from arbitrary HDF5 files
Keras 3.x introduced a fix for CVE-2025-9905 by checking dataset.external in H5IOStore.verifydataset. This check blocks datasets whose raw bytes are stored in external files via the HDF5 "External Data Storage" mechanism. However, HDF5 supports a second, unrelated external-reference mechanism:...
CVE-2026-28495
creationtimestamp| type| source
---|---|---
2026-03-13 01:00:13+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mgvpm4fofr23...
CVE-2025-22056
creationtimestamp| type| source
---|---|---
2026-03-13 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0290/...
WordPress plugin Formidable Forms security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-25392
Name of the Vulnerable Software and Affected Versions:
TP-Link TL-WR802N version 4
TP-Link TL-WR841N version 14
TP-Link TL-WR840N version 6
Description: A command injection issue exists due to improper handling of special characters within OS commands. The issue is present in the router configurati...
TP-Link Omada Switches security vulnerability
TP-Link Omada switches are a series of switches produced by TP-Link, a Chinese company. The TP-Link Omada switches have security vulnerabilities. These vulnerabilities stem from insufficient validation of the web interface, which may lead to out-of-bound memory access when processing specially...
PT-2026-25153
The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handle_one_time_stripe_link_return_url marking payment records as complete based solely on the Stripe PaymentIntent statu...
Cisco Unified Intelligence Center XSS (cisco-sa-cc-xss-MrNAH5Jh)
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An...
CVE-2026-32123
creationtimestamp| type| source
---|---|---
2026-03-12 23:59:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgvma7tyuo2h...
GHSA-M48G-4WR2-J2H6
creationtimestamp| type| source
---|---|---
2026-03-12 23:40:05+00:00| seen| https://gist.github.com/alon710/9ef399a547181d8113741f42776f0b40...
CVE-2026-3909
creationtimestamp| type| source
---|---|---
2026-03-12 23:01:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgvixkqqrb2o
2026-03-13 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0286/
2026-03-13 01:52:18+00:00| seen|...
GHSA-M9PM-W3GV-C68F
creationtimestamp| type| source
---|---|---
2026-03-12 22:40:05+00:00| seen| https://gist.github.com/alon710/513d69d6cc7cbaf7bac9c0b1746fd288...
CVE-2026-32248
creationtimestamp| type| source
---|---|---
2026-03-12 22:17:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgvgiq367b2x
2026-03-13 07:32:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116220700178176253
2026-03-13 08:10:06+00:00| seen|...
GHSA-5WCW-8JJV-M286
creationtimestamp| type| source
---|---|---
2026-03-12 21:40:06+00:00| seen| https://gist.github.com/alon710/0f0bc9cd4afad87103e8849c1243c70d
2026-03-18 09:37:39+00:00| seen| https://bsky.app/profile/agentwyre.ai/post/3mhd6txqyqs26...