CVE-2020-37245
Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing...
CVE-2020-37245
Supsystic Digital Publications 1.6.9 for WordPress is affected by two issues described in the CVE-2020-37245 entry: a path traversal vulnerability in the Folder input field that can expose files outside the web root, and stored cross-site scripting caused by failure to sanitize inputs in publicat...
CVE-2020-37245 WordPress Plugin Supsystic Digital Publications 1.6.9 Path Traversal XSS
Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing...
WordPress plugin Supsystic Digital Publications Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
security-advisories
Security Advisories Public write-ups and PoCs for CVEs I've d...
EUVD-2026-10064
Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...
CVE-2026-30845 Wekan Exposes Sensitive Data through Lack of Field Filtering During Board Publication
Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...
PT-2026-23745
🚨 CVE-2026-30845 Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to a...
CVE-2026-2205
A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...
CVE-2026-2208
A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely. Upgrading to version 8.21 is recommended ...
CVE-2026-2205
A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...
CVE-2026-2207
A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely...
EUVD-2026-5824
A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...
WeKan Access Control Error Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from improper handling of the file server/publications/cards.js component in Meteor Publication Handler, which...
PT-2026-6944
Name of the Vulnerable Software and Affected Versions: Wekan versions up to 8.20. Description: A flaw exists in Wekan that could allow information disclosure. This issue impacts an unspecified part of the server/publications/cards.js file within the Meteor Publication Handler component. The attack c...
WeKan Security Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the Rules Handler component’s file server/publications/rules.js file, which could lead to lack of...
cve-vul
A reposito...
MAL-2025-187544 Malicious code in iota-scripts-phoebe-geckodriver (npm)
Source: amazon-inspector 3fbee3686e895ff09efa48a6461e060acddc8e19556f4304ce807a20d372f937 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zephyr-auriga-node-config-wolf (npm)
Source: amazon-inspector 501e4d8965e877980be3f3890f728502f5d0980ab23ca42e8fb0f60097b5f6cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rigel-photon-interferometry-yaml (npm)
Source: amazon-inspector 80fdd06f2759d7a5c81facbdff2a653399e9620cc9ef3b395398eac4ca83714f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...