CVE-2026-44347
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...
PT-2026-39584
Name of the Vulnerable Software and Affected Versions: WSO2 APIM versions 3.x. Description: The software fails to enforce role-based access controls for certain Gateway API and Internal Service API invocations. Users assigned the 'Internal/Everyone' role can invoke these APIs, bypassing intended...
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered...
Chamilo Cross-Site Request Forgery Vulnerability
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the lack of anti-CSRF protection during sensitive operations such as project deletion, which could...
Keycloak Security Vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from improper access control in the Account REST API. This vulnerability may allow users with low security levels to perform sensitive operations, potential...
When Skills Lie: Hidden-Comment Injection in LLM Agents
LLM agents often rely on Skills to describe available tools and recommended procedures. We study a hidden-comment prompt injection risk in this documentation layer: when a Markdown Skill is rendered to HTML, HTML comment blocks can become invisible to human reviewers, yet the raw text may still b...
WordPress plugin Freshchat Security Vulnerability
WordPress Freshchat plugin is a tool for integrating live chat functionality on WordPress websites, mainly providing customer support and user interaction features. The WordPress Freshchat plugin suffers from a cross-site request forgery vulnerability that originates from a web application that...
WordPress plugin Auto Alt Text Cross-Site Request Forgery Vulnerability
WordPress Auto Alt Text plugin is a tool that uses artificial intelligence technology to automatically generate alternative text (alt text) for website images. The WordPress Auto Alt Text plugin suffers from a cross-site request forgery vulnerability, which arises from a web application that does no...
WordPress plugin Nextend Social Login and Register Cross-Site Request Forgery Vulnerability
WordPress Nextend Social Login and Register plugin is a free WordPress plugin designed to simplify the registration and login process for website users. A cross-site request forgery vulnerability exists in the WordPress Nextend Social Login and Register plugin, which arises from a web application...
WordPress plugin Custom Post Type Cross-Site Request Forgery Vulnerability
WordPress Custom Post Type plugin is a collective term for a class of plugins that are designed to help users easily create and manage custom post types through a graphical interface. A cross-site request forgery vulnerability exists in the WordPress Custom Post Type plugin, which arises from a w...
WordPress WP Manager plugin cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. A WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress WP Manager plugin, which arises from a web application that does not adequately validate that a request is...
WordPress Easy Email Subscription plugin Cross-Site Request Forgery Vulnerability
WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. The WordPress Easy Email Subscription plugin suffers from a cross-site request forgery vulnerability that originates from a web application that does not adequately validate...
WordPress Bard plugin cross-site request forgery vulnerability
WordPress Bard plugin is a tool used to stop chatbots such as Bard from crawling the content of your website, which is achieved by modifying the virtual robots.txt file. The WordPress Bard plugin suffers from a cross-site request forgery vulnerability that originates when a web application does n...
WordPress plugin Depicter Cross-Site Request Forgery Vulnerability
WordPress Depicter plugin is a slider, popup and rotator image creation tool designed for WordPress, offering a no-code interface and rich customization features. The WordPress Depicter plugin suffers from a cross-site request forgery vulnerability, which originates from a web application that do...
WordPress plugin Ally Cross-Site Request Forgery Vulnerability
WordPress Ally plugin is a free and open source WordPress plugin, mainly used to improve website accessibility and to help users simplify the process of making a site accessible. A stack buffer overflow vulnerability exists in the WordPress Ally plugin, which originates from the...
EUVD-2014-0199
Malware in sbrugna...
EUVD-2021-14500
Malware in sbrugna...
EUVD-2019-13566
Malware in sbrugna...
EUVD-2020-26904
Malware in sbrugna...
EUVD-2025-10693
Malicious code in bioql PyPI...