
36 matches found

NVD
added 6 days ago · 6 views

CVE-2026-46510

form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g. `name[sub]`) into nested objects without filtering `__proto__`, `constructor`, or `prototype`. A single HTTP form field whose name starts with `__proto__`... causes the library to mutate...

CVSS 8.2 · EPSS 0.00042
Exploits: 0 · References: 2
Vulnrichment
added 2026/05/12 7:9 p.m. · 4 views

CVE-2026-7474 Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVSS 8.8 · AI score 6.2 · EPSS 0.00039
Exploits: 0 · References: 1
EUVD
added 2026/04/09 6:30 a.m. · 2 views

EUVD-2026-20841

A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Identifier leads to command injection. The attack must be carried out locally. The exploit has been...

CVSS 5.3 · AI score 5.6 · EPSS 0.00372
Exploits: 0 · References: 9
Positive Technologies
added 2026/03/04 12:0 a.m. · 1 view

PT-2026-22873

Name of the Vulnerable Software and Affected Versions: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 Description: A Reflected Cross-Site Scripting (XSS) issue exists in the /index.cgi API endpoint. The application does not...

CVSS 5.1 · AI score 6.2 · EPSS 0.00066
Exploits: 1 · References: 6
Positive Technologies
added 2026/03/04 12:0 a.m. · 2 views

PT-2026-22876

Name of the Vulnerable Software and Affected Versions: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 Description: An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility. An authenticated...

CVSS 9.3 · AI score 6.2 · EPSS 0.00226
Exploits: 1 · References: 7
Vulnrichment
added 2026/02/05 4:14 p.m. · 4 views

CVE-2020-37148 P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)

P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser...

CVSS 5.1 · AI score 5.7 · EPSS 0.00016
Exploits: 0 · References: 6
Vulnrichment
added 2026/01/15 8:24 p.m. · 6 views

CVE-2026-21912 Junos OS: MX10k Series: 'show system firmware' CLI command may lead to LC480 or LC2101 line card reset

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to...

CVSS 6.8 · AI score 6.8 · EPSS 0.00006
Exploits: 0 · References: 2
RedhatCVE
added 2025/12/24 12:32 p.m. · 2 views

CVE-2025-68557

Missing Authorization vulnerability in Vikas Ratudi Chakra test chakra-test allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chakra test: from n/a through <= 1.0.1...

CVSS 4.3 · AI score 5.9 · EPSS 0.00041
Exploits: 0 · References: 1
Positive Technologies
added 2025/12/12 12:0 a.m. · 2 views

PT-2025-50836

The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttom image' parameter of the paypal-shortcode shortcode in all versions up to, and including, 1.01 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · AI score 5.1 · EPSS 0.00041
Exploits: 0 · References: 6
Tenable Nessus
added 2025/11/20 12:0 a.m. · 2 views

TencentOS Server 4: java-11-konajdk (TSSA-2024:1018)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1018 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 7.4 · AI score 6.5 · EPSS 0.02108
Exploits: 1 · References: 16
vulnersOsv
added 2025/11/09 12:17 a.m. · 4 views

icu-messageformat (>=2.0.0 <=2.0.1) potentially affected by unknown CVE via icu-messageformat (=1.0.1)

icu-messageformat NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on icu-messageformat and may be impacted: - icu-messageformat =2.0.0, =2.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-49416...

AI score 5.8
Exploits: 0
Cvelist
added 2025/10/31 2:26 a.m. · 5 views

CVE-2025-11806 Qzzr Shortcode Plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Qzzr Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qzzr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'quiz' attribute. This makes it possible for authenticated attackers...

CVSS 6.4 · EPSS 0.00034
Exploits: 0 · References: 3
Cvelist
added 2025/10/22 8:27 a.m. · 4 views

CVE-2025-11810 Print Button Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Print Button Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'print-button' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'target' attribute. This makes it possible for...

CVSS 6.4 · EPSS 0.00032
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-28211

Malicious code in bioql PyPI...

CVSS 8.7 · AI score 6.5 · EPSS 0.00299
Exploits: 0 · References: 2
IBM Security Bulletins
added 2025/08/11 1:40 p.m. · 1 view

Security Bulletin: Astronomer with IBM is vulnerable to memory consumption and denial of service due to the net/http package (CVE-2021-44716, CVE-2022-27664)

Summary: net/http is used by Astronomer with IBM as part of the request processing functionality. Vulnerability Details: CVEID: CVE-2021-44716 DESCRIPTION: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2...

CVSS 7.5 · AI score 6.8 · EPSS 0.00098
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2025/01/22 12:0 a.m. · 1 view

PT-2025-5087 · Unknown · Wm Options Import Export

Name of the Vulnerable Software and Affected Versions: WM Options Import Export versions 1.0.1 and earlier Description: The issue allows for the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This can potentially expose confidential information...

CVSS 7.5 · AI score 9.3 · EPSS 0.00319
Exploits: 0 · References: 4
Patchstack
added 2024/10/31 3:2 p.m. · 1 view

WordPress Market 360 Viewer plugin <= 1.01 - SQL Injection vulnerability

SQL Injection vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Market 360 Viewer (versions <= 1.01)...

CVSS 8.5 · AI score 8.1 · EPSS 0.00324
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/10/24 10:9 p.m. · 2 views

WordPress League of Legends Shortcodes plugin <= 1.0.1 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated (Contributor+) SQL Injection vulnerability discovered by István Márton in WordPress Plugin League of Legends Shortcodes (versions <= 1.0.1)...

CVSS 6.5 · AI score 8.1 · EPSS 0.00218
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/06/21 12:0 a.m. · 2 views

WordPress plugin WP Logs Book security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.3 · AI score 6.8 · EPSS 0.00065
Exploits: 2 · References: 2
CNNVD
added 2024/05/03 12:0 a.m. · 0 views

Jasmin The Ransomware security vulnerability

Jasmin The Ransomware is a powerful ransomware security testing tool for red teams, by individual developer Siddhant Gour. A security vulnerability exists in Jasmin The Ransomware version v.1.0.1. The vulnerability is exploited by attackers to obtain sensitive information via the...

CVSS 6.5 · AI score 7 · EPSS 0.75688
Exploits: 7 · References: 3