CVE-2026-27400

Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...

CVE-2026-50076

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

CVE-2026-7400

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

PT-2026-35977

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is path allowed of the file server.py of the component read file tool/write file tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit...

PT-2026-35682

A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument file path results in path traversal. The attack may b...

CVE-2026-4022

The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'posttype' shortcode attribute in the 'swiftpost-list' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on...

NatroMacro 代码注入漏洞

NatroMacro is an automated script tool for games, open-sourced by the Natro Team. Versions of NatroMacro prior to 1.1.0 contained a code injection vulnerability. This vulnerability stemmed from any ahk code in the execution mode or path files, allowing attackers to share files containing maliciou...

WordPress Triompher theme <= 1.1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Triompher versions = 1.1.0...

CVE-2026-27050

CVE-2026-27050 is a CSRF vulnerability affecting the WordPress RealPress plugin (RealPress) for versions up to and including 1.1.0. The issue is documented across multiple sources (NVD, Red Hat, CVE List, etc.) with a consistent description and does not provide additional exploit details in the c...

CVE-2026-27050

Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...

CVE-2026-27050 WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...

CVE-2026-27050 WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...

PT-2026-20759

Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...

WordPress Sosh Share Buttons plugin <= 1.1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Sosh Share Buttons versions = 1.1.0...

CVE-2025-68988

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through = 1.3.0...

CVE-2025-68885

CVE-2025-68885: Cross-Site Request Forgery in the Page Carbajal Custom Post Status plugin enables Stored XSS, affecting Custom Post Status up to version 1.1.0. CVSS 3.1 base 7.1 (HIGH). No exploitation details or fixes are provided in the initial or connected documents; refer to Patchstack listin...

CVE-2025-68885 WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in page-carbajal Custom Post Status custom-post-status allows Stored XSS.This issue affects Custom Post Status: from n/a through = 1.1.0...

CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339.

Summary IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when...

CVE-2025-13975 Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings

The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...