4 matches found
CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...
CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...
CVE-2025-55161
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...
WordPress Lana Email Logger Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Lana Email Logger Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3166 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 87d6e5f60784 Credits Alex Thomas Required...