12 matches found

NVD
added 2026/05/25 7:16 a.m. · 6 views

CVE-2026-41863

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

CVSS: 6.5 · EPSS: 0.0005
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/29 12:0 a.m. · 2 views

PT-2025-23167 · Blackmagic Design · Davinci Resolve

Name of the Vulnerable Software and Affected Versions: DaVinci Resolve versions prior to the fixed version
Description: The issue is related to the use of entitlement "com.apple.security.cs.disable-library-validation" and the lack of launch and library load constraints, allowing a local attacker...

CVSS: 4.8 · AI score: 5.9 · EPSS: 0.0006
Exploits: 0 · References: 7
vulnersOsv
added 2025/02/21 12:0 p.m. · 5 views

ckb-analyzer (=0.37.0), ckb-network (>=0.37.0 <=0.38.0) +8 more potentially affected by unknown CVE via resolve (>=0.1.2 <=0.2.0)

resolve CARGO version =0.1.2, =0.37.0, =0.37.0, =0.37.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.3.0 · Source cves: unknown CVE · Source advisory: OSV:RUSTSEC-2025-0013...

AI score: 5.8
Exploits: 0
Patchstack
added 2024/08/01 12:0 a.m. · 11 views

WordPress Filter & Grids Plugin <= 2.8.33 is vulnerable to Broken Authentication

Software: Filter & Grids · Type: Plugin · Vulnerable versions: = 2.8.33 · Fixed in: 2.8.34 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Authentication · CVE: CVE-2024-39664 · Patch priority: High · CVSS severity: High 7.3 · Developer: Claim ownership · PSID: bac0e0da8bce · Credits: RE-ALTER · Required privileg...

CVSS: 7.3 · AI score: 6.3 · EPSS: 0.00195
Exploits: 0 · References: 2 · Affected Software: 1
Patchstack
added 2024/07/09 12:0 a.m. · 9 views

WordPress Woocommerce OpenPos Plugin <= 7.0.1 is vulnerable to Broken Access Control

Software: Woocommerce OpenPos · Type: Plugin · Vulnerable versions: = 7.0.1 · Fixed in: 7.0.2 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2024-37935 · Patch priority: High · CVSS severity: High 7.5 · Developer: Claim ownership · PSID: d6898ddc425e · Credits: Dave Jong Patchstack...

CVSS: 7.5 · AI score: 6.5 · EPSS: 0.0103
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/05/16 12:0 a.m. · 11 views

WordPress Tutor LMS Pro Plugin <= 2.7.0 is vulnerable to Broken Access Control

Software: Tutor LMS Pro · Type: Plugin · Vulnerable versions: = 2.7.0 · Fixed in: 2.7.1 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2024-4352 · Patch priority: High · CVSS severity: High 8.8 · Developer: Claim ownership · PSID: 7694afbc9e58 · Credits: villu164 · Required privilege...

CVSS: 8.8 · AI score: 6.4 · EPSS: 0.23339
Exploits: 0 · References: 2 · Affected Software: 1
Patchstack
added 2024/02/26 12:0 a.m. · 7 views

WordPress Rolo Slider Plugin <= 1.0.9 is vulnerable to Settings Change

Software: Rolo Slider · Type: Plugin · Vulnerable versions: = 1.0.9 · Fixed in: N/A · OWASP Top 10: A1: Broken Access Control · Classification: Settings Change · CVE: CVE-2024-1438 · Patch priority: High · CVSS severity: High 7.7 · Developer: Claim ownership · PSID: 601d954731d6 · Credits: Emili Castells · Required privilege...

CVSS: 7.7 · AI score: 6.5 · EPSS: 0.0032
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/01/30 12:0 a.m. · 18 views

WordPress WP GDPR Compliance Plugin <= 2.0.22 is vulnerable to Broken Access Control

Software: WP GDPR Compliance · Type: Plugin · Vulnerable versions: = 2.0.22 · Fixed in: 2.0.23 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2023-6700 · Patch priority: High · CVSS severity: High 8.8 · Developer: Claim ownership · PSID: 6a981b3b2d5a · Credits: Lucio Sá · Required...

CVSS: 8.8 · AI score: 6.4 · EPSS: 0.29163
Exploits: 2 · References: 2 · Affected Software: 1
Patchstack
added 2023/11/10 12:0 a.m. · 10 views

WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Broken Access Control

Software: Themify Ultra · Type: Theme · Vulnerable versions: = 7.3.5 · Fixed in: 7.3.6 · OWASP Top 10: A5: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2023-46146 · Patch priority: High · CVSS severity: High 8.3 · Developer: Claim ownership · PSID: dba7a9d87836 · Credits: Rafie Muhammad Patchstack...

CVSS: 8.8 · AI score: 6.5 · EPSS: 0.0039
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2023/09/01 12:0 a.m. · 13 views

WordPress WP Bannerize Pro Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS)

Software: WP Bannerize Pro · Type: Plugin · Vulnerable versions: = 1.6.9 · Fixed in: 1.7.0 · OWASP Top 10: A7: Cross-Site Scripting XSS · Classification: Cross Site Scripting XSS · CVE: CVE-2023-41663 · Patch priority: Medium · CVSS severity: Medium 7.1 · Developer: Claim ownership · PSID: 77839e376c07 · Credits: thiennv · Required...

CVSS: 7.1 · AI score: 5.6 · EPSS: 0.00083
Exploits: 0 · References: 2 · Affected Software: 1
Patchstack
added 2023/05/03 12:0 a.m. · 8 views

WordPress URL Params Plugin < 2.5 is vulnerable to Cross Site Scripting (XSS)

Software: URL Params · Type: Plugin · Vulnerable versions: 2.5 · Fixed in: 2.5 · OWASP Top 10: A7: Cross-Site Scripting XSS · Classification: Cross Site Scripting XSS · CVE: CVE-2023-0274 · Patch priority: Medium · CVSS severity: Medium 6.5 · Developer: Claim ownership · PSID: c07bdc476562 · Credits: Lana Codes · Required privilege...

CVSS: 5.4 · AI score: 5.6 · EPSS: 0.00161
Exploits: 2 · References: 4 · Affected Software: 1
Patchstack
added 2023/01/10 12:0 a.m. · 11 views

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control

Software: Royal Elementor Addons · Type: Plugin · Vulnerable versions: = 1.3.59 · Fixed in: 1.3.60 · OWASP Top 10: A5: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2022-4700 · Patch priority: Medium · CVSS severity: Medium 5.4 · Developer: WProyal · PSID: 423004fa0a2f · Credits: Ramuel Gall · Required...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.00746
Exploits: 1 · References: 3 · Affected Software: 1