ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-3429 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.6)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more Source cves: CVE-2026-3429 Source advisory: OSV:GHSA-8G9R-9WJW-37J4https://vulners.com/osv/OSV:GHSA-8G9R-9WJW-...

CVE-2026-1992 ExactMetrics 8.6.0 - 9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-3911 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.5)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more Source cves: CVE-2026-3911 Source advisory: OSV:GHSA-XH32-C9WX-PHRPhttps://vulners.com/osv/OSV:GHSA-XH32-C9WX-...

WordPress plugin Guest posting / Frontend Posting / Front Editor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

WordPress plugin Name Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-58190 affecting package cni-plugins for versions less than 1.4.0-5

CVE-2025-58190 affecting package cni-plugins for versions less than 1.4.0-5. A patched version of the package is available...

CVE-2025-47911 affecting package cni-plugins for versions less than 1.4.0-5

CVE-2025-47911 affecting package cni-plugins for versions less than 1.4.0-5. A patched version of the package is available...

@ind-rcg/generator (>=262.1002.0-beta.2 <=264.1004.0-beta.1), @ind-rcg/modeler-sfdx-cli-plugin (>=262.1002.0-beta.4 <=264.1004.0-beta.4) +2 more potentially affected by CVE-2026-26801 via pdfmake (>=0.3.0-beta.2 <=0.3.2)

pdfmake NPM version =0.3.0-beta.2, =262.1002.0-beta.2, =262.1002.0-beta.4, =262.1002.0-beta.3, =1.0.0, =2.2.0 Source cves: CVE-2026-26801 Source advisory: OSV:GHSA-WP52-R2FP-4VMR...

GO-2026-4610 Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli...

PT-2026-24602

Docker CLI for Windows searches for plugin binaries in C:ProgramDataDockercli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a victi...

LeakIX Search

This module uses the LeakIX API to search for exposed services and data leaks. LeakIX is a search engine focused on indexing internet-exposed services and leaked credentials/databases. An API key is required free at https://leakix.net. Actions: SEARCH - Query LeakIX with a search string and scope...

CVE-2025-47911 affecting package cni-plugins for versions less than 1.3.0-11

CVE-2025-47911 affecting package cni-plugins for versions less than 1.3.0-11. A patched version of the package is available...

CVE-2025-58190 affecting package cni-plugins for versions less than 1.3.0-11

CVE-2025-58190 affecting package cni-plugins for versions less than 1.3.0-11. A patched version of the package is available...

openSUSE 16 Security Update : gstreamer-rtsp-server, gstreamer-plugins-ugly, gstreamer-plugins-rs, gstreamer-plugins-libav, gstreamer-plugins-good, gstreamer-plugins-base, gstreamer-plugins-bad, gstreamer-docs, gstreamer-devtools, gstreamer (openSUSE-SU-2026:20329-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20329-1 advisory. Changes in gstreamer-rtsp-server: - Update to version 1.26.7: - Fix issues with GDISABLECHECKS & GDISABLEASSERT. - rtsp-server: tests: Switch to fixture...

Security update for gstreamer-rtsp-server, gstreamer-plugins-ugly, gstreamer-plugins-rs, gstreamer-plugins-libav, gstreamer-plugins-good, gstreamer-plugins-base, gstreamer-plugins-bad, gstreamer-docs, gstreamer-devtools, gstreamer (moderate)

openSUSE security update: security update for gstreamer-rtsp-server, gstreamer-plugins-ugly, gstreamer-plugins-rs, gstreamer-plugins-libav, gstreamer-plugins-good, gstreamer-plugins-base, gstreamer-plugins-bad, gstreamer-docs, gstreamer-devtools, gstreamer...

CVE-2026-2599

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

GHSA-P436-GJF2-799P vulnerabilities

Vulnerabilities for packages: gitsign, nerdctl-fips, bento, traefik-fips, rancher-fleet-fips, vcluster, rke2-cloud-provider, dagdotdev, gh, kwok, trufflehog-fips, flux-notification-controller-fips, policy-controller-fips, ratify-fips, kyverno-policy-reporter-plugins-kyverno-fips, witness,...

EUVD-2026-10030

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Kings Plugins B2BKing Premium allows Phishing.This issue affects B2BKing Premium: from n/a through 5.3.80...

CVE-2026-28106

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Kings Plugins B2BKing Premium allows Phishing.This issue affects B2BKing Premium: from n/a before 5.4.20...

Arbitrary Code Execution

Claude Code is vulnerable to Arbitrary Code Execution. The vulnerability is due to Yarn plugin execution occurring before the startup trust dialog when running in a project using Yarn 3.0 or above, allowing malicious project plugins to execute code if a user launches Claude Code in an untrusted...