6 matches found
CVE-2026-28291
simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for...
PT-2026-32486
Name of the Vulnerable Software and Affected Versions: simple-git versions prior to 3.32.0. Description: The library allows the execution of arbitrary commands through the manipulation of Git options. This occurs because the unsafe operations plugin uses a regular-expression-based blocklist to preve...
EUVD-2023-12624
Malicious code in bioql PyPI...
CVE-2023-0584 VK Blocks <= 1.57.0.5 - Authenticated (Contributor+) Settings Update
The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updateoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vkfontawesomeversion' option to an arbitrar...
Option buyers might lose funds due to vault owner's manipulation
Lines of code. Vulnerability details. Impact: Option buyers might lose funds due to vault owner's manipulation. Proof of Concept: Alice creates a vault for her high valued NFT with a low price. Bob buys the option and sends premium. Alice buys the option from Bob by using another EOA. Bob re-buys th...
WordPress Plugin WhyDoWork AdSense - options-general.php Cross-Site Request Forgery (Option Manipulation)
WordPress Plugin WhyDoWork AdSense - options-general.php Cross-Site Request Forgery Option Manipulation. source: https://www.securityfocus.com/bid/68954/info WhyDoWork AdSense plugin for WordPress is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. An...