6 matches found
EUVD-2026-10161
Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys...
CVE-2025-54883
Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 packaged in Vision-ui <= 1.4.0 contains a critical cryptographic weakness. Due to a silent 32-bit...
CVE-2023-39966
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the...
WordPress Kata Plus Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)
Software: Kata Plus; Type: Plugin; Vulnerable versions: <= 1.4.7; Fixed in: 1.5.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9376; Patch priority: Low; CVSS severity: Low (5.9); PSID: 1f7dc90a1046; Credits: Francesco Carlucci; Required...
WordPress Travel Agency Theme <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Travel Agency; Type: Theme; Vulnerable versions: <= 1.4.9; Fixed in: 1.5.0; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-37451; Patch priority: Low; CVSS severity: Low (4.3); PSID: 3d26a472da99; Credits: Dhabaleshwar Das...
CVE-2023-39964
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the...