10 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-48524
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT wi...
CVE-2026-48525
PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...
CVE-2026-1071
The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...
CVE-2025-14166
CVE-2025-14166 concerns the WordPress plugin WPMasterToolKit (WPMTK) up to version 2.13.0. The source documents confirm that an authenticated user with Contributor+ or Author+ roles can exploit Code Snippets via the plugin to inject PHP code on the server, enabling remote code execution and poten...
CVE-2025-62800 FastMCP vulnerable to reflected XSS in client's callback page
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauthcallback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...
CVE-2025-62800 FastMCP vulnerable to reflected XSS in client's callback page
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauthcallback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...
Harbor 跨站脚本漏洞
Harbor is an open source registry from Harbor Open Source. Protects artifacts with policies and role-based access control, ensures images are scanned and free of vulnerabilities, and signs images as trusted. A cross-site scripting vulnerability exists in Harbor versions 2.11.2 and earlier,...
Medium: aws-kinesis-agent
Issue Overview: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's JsonLocation.appendSourceDesc method allows up to 500 bytes of unintended...
PT-2024-28165 · Mattermost · Mattermost Mobile
Name of the Vulnerable Software and Affected Versions: Mattermost Mobile app versions 2.13.0 and earlier Description: The issue allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link, due to the use of a regular expression with polynomial complexi...
chocolatey Boxstarter has an unspecified vulnerability
chocolatey Boxstarter is a virtual machine management software for installing virtual Windows environments from chocolatey, USA. A security vulnerability exists in Boxstarter installer versions prior to 2.13.0 that originates from configuring C:ProgramDataBoxstarter to be in the system-wide PATH...