CVE-2026-1250 Court Reservation – Manage Your Court Bookings Online <= 1.10.11 - Unauthenticated SQL Injection

The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

Cross-site Scripting (XSS)

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Cross-site Scripting XSS in the corsProxy file. An attacker can execute arbitrary JavaScript in the victim's browser and in the victim's context by injecting malicious content into the url...

CVE-2026-44258 efw4.X: Path Traversal via Unchecked dst Parameter leads to Remote Code Execution

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfindercheckRisk function validates target and targets for path traversal and home containment, but does not validate the dst destination parameter used by elfinderpaste. An attacker can copy or move files from within the home...

CVE-2026-44258

CVE-2026-44258 affects efw4.X (Enterprise Framework for Web). Prior to 4.08.010, elfinder_checkRisk validates target/targets but not the dst parameter used by elfinder_paste, allowing an attacker to copy/move files from the home directory to an arbitrary destination by setting dst to a base64-enc...

CVE-2026-44258 efw4.X: Path Traversal via Unchecked dst Parameter leads to Remote Code Execution

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfindercheckRisk function validates target and targets for path traversal and home containment, but does not validate the dst destination parameter used by elfinderpaste. An attacker can copy or move files from within the home...

Prototype Pollution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution via the pagination parameter in the HTTP Request node. An attacker can execute arbitrary code on the instance by achieving global prototype pollution and chaining this with other...

CVE-2026-31249

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its makeparquetlist.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load without...

CVE-2026-42350

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

GHSA-XP5Q-5Q7G-Q26R Ludwig framework is vulnerable to insecure deserialization in its model serving component

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

EUVD-2023-34492

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

CVE-2026-44204

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVE-2026-41513

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...

CVE-2026-31238

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

CVE-2026-44204 Shelf: SQL Injection via sortBy Parameter

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...

EUVD-2026-29728

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVE-2026-44204

Shelf is a platform for tracking physical assets. CVE-2026-44204 describes a SQL injection in the sortBy query parameter on the /assets route affecting versions 1.12 up to before 1.20.1. An authenticated user (any role) could execute arbitrary SQL and read data from any table, including data belo...

CVE-2026-44204 Shelf: SQL Injection via sortBy Parameter

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVE-2026-41513

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...

EUVD-2026-29692

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...