Ruby LSP has arbitrary code execution through branch setting

Summary The rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a user opens a project containing a malicious .vscode/settings.json. Other editors that support workspace setting that get automatically...

CVE-2026-33495

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the...

CVE-2025-66249

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

CVE-2026-30974

Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the...

CVE-2026-2352

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aopostpreload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input sanitization in the aometaboxsave function and missing output escaping when the value is rendered in...

CVE-2026-20995

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration...

CVE-2026-22316

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack...

CVE-2026-29072

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0-latest.1, 2026.2.1, an...

CVE-2026-4489

A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function formfastsettingwifiset of the file /goform/fastsettingwifiset. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-4214

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

Improper Access Control

mautic/core is vulnerable to Improper Access Control. The vulnerability is due to missing enforcement of update settings restrictions, which allows a low-privileged user to install or remove arbitrary packages and execute malicious code for privilege escalation...

GHSA-GC5V-M9X4-R6X2 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Impact The requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could...

CVE-2026-23287

In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores interrupt completion message for disabled interrupt, explained by the specification: The PLIC signals it has completed executing an interrupt handler ...

UBUNTU-CVE-2026-23287

In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores interrupt completion message for disabled interrupt, explained by the specification: The PLIC signals it has completed executing an interrupt handler ...

CVE-2026-23287

In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores interrupt completion message for disabled interrupt, explained by the specification: The PLIC signals it has completed executing an interrupt handler ...

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

WordPress Weaver Show Posts plugin <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin Weaver Show Posts versions = 1.8.1...

WordPress Comment SPAM Wiper plugin <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'API Key' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Comment SPAM Wiper versions = 1.2.1...

CVE-2026-33649 AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/Permissions/setPermission.json.php endpoint accepts GET parameters for a state-changing operation that modifies user group permissions. The endpoint has no CSRF token validation, and the application...

CVE-2026-33297

WWBN AVideo is an open source video platform. Prior to version 26.0, the setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numer...