35 matches found
CVE-2026-57747
CVE-2026-57747 is an unauthenticated CSRF vulnerability in the WordPress Booked plugin
CVE-2026-56130
"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...
EUVD-2026-36728
Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads...
CVE-2026-5079
The CVE-2026-5079 issue affects the Multer library (versions 1.0.0–2.1.1 and 3.0.0-alpha.1). The vulnerability arises from the append-field dependency parsing bracket notation in field names with no limit on nesting depth, which can cause the allocation of deeply nested object structures and cons...
WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Theme Brikk versions = 3.0.0...
CVE-2025-68043
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through = 3.0.0...
WordPress Viitor Button Shortcodes plugin <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'link' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Viitor Button Shortcodes versions = 3.0.0...
WordPress Hope theme <= 3.0.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hope versions = 3.0.0...
PT-2025-53650
Name of the Vulnerable Software and Affected Versions joey-zhou xiaozhi-esp32-server-java versions up to 3.0.0 Description A flaw exists in the Cookie Handler component’s tryAuthenticateWithCookies function within the AuthenticationInterceptor.java file. Manipulation of this function can result i...
Vuetify has a Prototype Pollution vulnerability
The Preset configuration feature of Vuetify is vulnerable to Prototype Pollution due to the internal 'mergeDeep' utility function used to merge options with defaults. Using a specially-crafted, malicious preset can result in polluting all JavaScript objects with arbitrary properties, which can...
CVE-2025-8083 Vuetify Prototype Pollution via Preset options
The Preset configuration https://v2.vuetifyjs.com/en/features/presets feature of Vuetify is vulnerable to Prototype Pollution https://cheatsheetseries.owasp.org/cheatsheets/PrototypePollutionPreventionCheatSheet.html due to the internal 'mergeDeep' utility function used to merge options with...
PT-2025-46798
Cross-Site Request Forgery CSRF vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through = 3.0.0...
CVE-2025-60220
Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through = 3.0.0...
EUVD-2021-21089
Malware in sbrugna...
WordPress Table Block by RioVizual plugin <= 3.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by n0arafatn0 in WordPress Plugin Table Block by RioVizual versions = 3.0.0...
EUVD-2024-30464
Malicious code in bioql PyPI...
CVE-2025-10953
A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument senderEmail leads to buffer overflow. The attack may be initiated remotely. The exploit has...
Linux Distros Unpatched Vulnerability : CVE-2015-10005
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/htmlre.js. The...
CVE-2025-9225 Cross-site scripting (XSS) in MiR robots and MiR fleet
Stored cross-site scripting XSS in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...
PT-2025-33906 · Mir · Mir
Name of the Vulnerable Software and Affected Versions: MiR software versions prior to 3.0.0 Description: Stored cross-site scripting in the web interface allows execution of arbitrary JavaScript code in a victim’s browser. Recommendations: Update MiR software to version 3.0.0 or later...