WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting

A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. id: CVE-2012-4768 info: name: WordPress Plugin Download Monitor 3.3.5.9 - Cross-Site...

Monitorr 1.7.6m - Unauthenticated Remote Code Execution

Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote cod...

Campaign Monitor for WordPress - Information Disclosure

Campaign Monitor for WordPress plugin for WordPress versions up to 2.8.15 contains a full path disclosure caused by improper access restriction and enabled displayerrors in /forms/views/admin/create.php, letting unauthenticated attackers retrieve server paths, exploit requires displayerrors to be...

Download Monitor <= 4.7.60 - Sensitive Information Exposure

The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and...

IRTS OP5 Monitor - Cross-Site Scripting

OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting XSS. id: CVE-2021-40272 info: name: IRTS OP5 Monitor - Cross-Site Scripting author: ritikchaddha severity: medium description: | OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting XSS. impac...

Download Monitor < 4.4.5 - SQL Injection

The Download Monitor plugin for WordPress is vulnerable to SQL injection via the 'orderby' parameter in versions before 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...

WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6671 info: name: WhatsUp Gold GetStatisticalMonitorList SQL Injectio...

CVE-2026-33760

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without...

CVE-2026-33760 Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without...

CVE-2026-33760

Langflow (pre-1.9.0) exposes an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints (including builds, messages, and transactions) allow read, write, and delete actions on user-owned resources without verifying ownership, enabling an attacker to access or modify another user’s ...

CVE-2026-56263

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

CVE-2026-56263

CVE-2026-56263 affects Crawl4AI prior to 0.8.7. A stored cross-site scripting vulnerability exists in the monitor dashboard where crawl URLs and error messages are rendered via innerHTML without escaping. An attacker could submit a crafted crawl request and, when an operator views the dashboard, ...

EUVD-2026-38433

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

GHSA-XHF5-7WJV-PQXP containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull

Impact A bug was found in containerd where the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. Patch...

Astra Linux – Vulnerability in Intel Microcode

In some IntelR processors, the incorrect order of behavior during the transition between the executive monitor and the SMI transfer monitor STM may allow a privileged user to potentially enable privilege escalation through local access...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fixed the WARNON message for the monitor mode on some devices. On devices without WANTMONITORVIF and likely without channel context support, we receive a WARNON message when changing the per-link settings of a...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: mt76: fixed the crash in monitor mode with the sdio driver. The mt7921s driver may receive frames with fragment buffers. If a CTS packet is received in monitor mode, the payload is only 10 bytes, and 6 bytes of header padding ...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a system hang that occurred during resume with a Thunderbolt monitor. Why This issue arises when using a Thunderbolt monitor and performing suspend operations; the system may hang during resume. During the...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: using arrayindexnospec with indices that come from the guest min and destid are guest-controlled indices. Using arrayindexnospec after the bounds checks helps to mitigate speculative execution side-channels by clamping...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – A memory leak was avoided when enabling statistics. The driver uses monitor destination rings for both extended statistics mode and standalone monitor mode. In extended statistics mode, TLVs are parsed from the...