81986 matches found

EUVD
added 2026/04/10 12:30 a.m. | 1 views

EUVD-2026-21236

A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit ha...

6.9 CVSS | 5.8 AI score | 0.0006 EPSS
Exploits 0 | References 6
CNNVD
added 2026/04/10 12:00 a.m. | 3 views

wolfSSL Security Vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. wolfSSL has a security vulnerability that stems from an integer underflow issue during the parsing of X.509 certificates, which may le...

8.1 CVSS | 5.8 AI score | 0.00037 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/04/10 12:00 a.m. | 2 views

PT-2026-31897

Name of the Vulnerable Software and Affected Versions: code-projects Vehicle Showroom Management System version 1.0. Description: A cross site scripting issue exists due to the manipulation of the BRANCH ID argument within an unknown function of the /BranchManagement/ServiceAndSalesReport.php file...

5.3 CVSS | 4.9 AI score | 0.00013 EPSS
Exploits 0 | References 9
CNNVD
added 2026/04/10 12:00 a.m. | 3 views

Code-Projects Vehicle Showroom Management System Code Injection Vulnerability

Code-Projects Vehicle Showroom Management System is an open-source automotive showroom management system developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Showroom Management System contains a code injection vulnerability. This vulnerability arises from incorrect operations wit...

5.3 CVSS | 5.7 AI score | 0.00013 EPSS
Exploits 0 | References 5
Vulnrichment
added 2026/04/09 10:45 p.m. | 1 views

CVE-2026-5987 Sanluan PublicCMS FreeMarker Template AbstractFreemarkerView.java AbstractFreemarkerView.doRender special elements used in a template engine

A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java of the component FreeMarker Template Handler...

5.8 CVSS | 5.3 AI score | 0.00061 EPSS
Exploits 0 | References 5
RedhatCVE
added 2026/04/09 7:23 p.m. | 2 views

CVE-2026-39341

ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

8.1 CVSS | 5.9 AI score | 0.00032 EPSS
Exploits 1 | References 1
EUVD
added 2026/04/09 6:31 p.m. | 0 views

EUVD-2025-209377

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

6.9 CVSS | 5.9 AI score | 0.00057 EPSS
Exploits 0 | References 3
Wordfence Blog
added 2026/04/09 6:12 p.m. | 6 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)

Last week, there were 56 vulnerabilities disclosed in 50 WordPress Plugins that have been added to the Wordfence Intelligence Vulnerability Database, and there were 38 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to...

6 AI score
Exploits 0
Circl
added 2026/04/09 6:00 p.m. | 1 views

CVE-2026-33780

creationtimestamp | type | source
---|---|---
2026-04-09 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/juniper-junos-os-multiple-vulnerabilities20260410
2026-04-09 22:32:29+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj3ufqogbt2i...

7.1 CVSS | 5.7 AI score | 0.00021 EPSS
Exploits 0 | References 2
Circl
added 2026/04/09 6:00 p.m. | 3 views

CVE-2026-33779

creationtimestamp | type | source
---|---|---
2026-04-09 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/juniper-junos-os-multiple-vulnerabilities20260410
2026-04-09 23:11:55+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj3wmb5xes2z...

8.3 CVSS | 5.7 AI score | 0.00026 EPSS
Exploits 0 | References 2
NVD
added 2026/04/09 4:16 p.m. | 2 views

CVE-2025-15480

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

9.1 CVSS | 0.00057 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/04/09 3:03 p.m. | 2 views

CVE-2025-14551

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs...

5.9 AI score | 0.00051 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/04/09 3:02 p.m. | 1 views

CVE-2025-15480

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

5.9 AI score | 0.00057 EPSS
Exploits 0 | References 3
Cvelist
added 2026/04/09 3:02 p.m. | 19 views

CVE-2025-15480 Sensitive information disclosure was affecting ubuntu-desktop-provision

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

6.9 CVSS | 0.00057 EPSS
Exploits 0 | References 2
GithubExploit
added 2026/04/09 1:18 p.m. | 93 views

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

CVE-2025-47812 — Wing FTP Server RCE Research. Context...

10 CVSS | 7.5 AI score | 0.92927 EPSS
Exploits 23
Circl
added 2026/04/09 11:16 a.m. | 1 views

GHSA-C3H3-89QF-JQM5

creationtimestamp | type | source
---|---|---
2026-04-09 11:16:38+00:00 | seen | Telegram/nE1gVyn8jRxbZ-OhSUewb4fvVZDT-qjlGTvhk8YiMctdMk
2026-04-09 11:16:38+00:00 | seen | Telegram/nE1gVyn8jRxbZ-OhSUewb4fvVZDT-qjlGTvhk8YiMctdMk...

4.8 AI score
Exploits 0
OSV
added 2026/04/09 3:31 a.m. | 3 views

GHSA-CRH9-3GJH-M6GC api-lab-mcp vulnerable to SSRF

A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyzeapispec/generatetestscenarios/testhttpendpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-side request forgery. T...

7.3 CVSS | 5.4 AI score | 0.00065 EPSS
Exploits 0 | References 7
NVD
added 2026/04/09 2:16 a.m. | 4 views

CVE-2026-5832

A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyzeapispec/generatetestscenarios/testhttpendpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-side request forgery. T...

7.5 CVSS | 0.00065 EPSS
Exploits 0 | References 6
Cvelist
added 2026/04/09 2:00 a.m. | 26 views

CVE-2026-5832 atototo api-lab-mcp HTTP http-server.ts test_http_endpoint server-side request forgery

A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyzeapispec/generatetestscenarios/testhttpendpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-side request forgery. T...

7.5 CVSS | 0.00065 EPSS
Exploits 0 | References 6
Circl
added 2026/04/09 1:27 a.m. | 2 views

GHSA-QF73-2HRX-XPRP

creationtimestamp | type | source
---|---|---
2026-04-09 01:27:25+00:00 | published-proof-of-concept | Telegram/uNEbWTFRO9kglbQXnY7zSMHaUxTxgzOMmWKv2o-GlQMO0RY...

4.8 AI score
Exploits 0