WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme EasyMeals versions = 1.5.1...

WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Manufaktur Solutions versions = 1.1.1...

WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Ashtanga versions = 1.2...

CVE-2026-29013

A flaw was found in libcoap. Attackers can send specially crafted Constrained Application Protocol CoAP requests with malformed OSCORE options or responses during OSCORE negotiation. This can trigger out-of-bounds reads during CBOR parsing and potentially lead to heap buffer overflow writes due t...

WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by James Pirstin in WordPress Plugin EventPrime versions = 4.3.0.0...

WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Elementra versions = 1.0.9...

CVE-2026-6594

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The...

CVE-2026-6594

A vulnerability identified as CVE-2026-6594 affects brikcss merge up to version 1.3.0. The issue enables prototype pollution by manipulating proto /constructor.prototype/prototype, with remote exploitation possible. Product/vendor details beyond brikcss merge are not provided in the connected doc...

merge 安全漏洞

“merge” is a recursive object merging tool developed by brikcss. Versions of “merge” prior to 1.3.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of parameters like proto/constructor.prototype/prototype, which could lead to improper modification of objec...

WebVuln-Chain-Framework

WebVuln Chain Framework Modular web vulnerability scanner w...

GHSA-W9R4-94FJ-XP69 Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case the variables were retrieved by the user the secrets stored as nested fields were not masked. If developers do not store variables with sensitive values in JSON form, their projects are not affected. Otherwise...

PYSEC-2026-19

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked.If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

CVE-2026-32690 Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackOI function when processing a malicious PTP ObjectInfo response. An attacker can cause the application to read memory beyond the intended buffer by supplying specially crafted data, potentially leading...

protobuf.js 安全漏洞

protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions of protobuf.js prior to 8.0.1 and 7.5.5...

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 3.2.0, there were security...

CVE-2026-40340 libgphoto2 has OOB read in ptp_unpack_OI() in ptp-pack.c via malicious PTP ObjectInfo response

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530–563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48–56, up to 9 byt...

CVE-2026-40340

libgphoto2 (versions up to and including 2.5.33) contains an out-of-bounds read in ptp_unpack_OI() within camlibs/ptp2/ptp-pack.c (lines 530–563). The code validates len

CVE-2026-40340 libgphoto2 has OOB read in ptp_unpack_OI() in ptp-pack.c via malicious PTP ObjectInfo response

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530–563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48–56, up to 9 byt...

EUVD-2026-23589

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/personId endpoint loads and returns person records without performing object-level authorization checks. Although the legacy PersonView.php page enforces canEditPerson restrictions, the API layer...