5 matches found
CVE-2026-44830
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...
Fedora 44 : python-tomli (2026-42d4c822e4)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-42d4c822e4 advisory. Update to 2.4.1. Limit number of parts of a TOML key to address quadratic time complexity. Tenable has extracted the preceding description block directly from...
PT-2025-33879 · Unknown · Solidinvoice
Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.4.1 Description: A vulnerability exists in SolidInvoice affecting the Invoice Creation Module. The issue involves an unknown processing of the /invoice file. Manipulation of the Client Name argument results in...
PT-2024-12937 · Unknown · Qufirewall
Name of the Vulnerable Software and Affected Versions: QuFirewall versions prior to 2.4.1 Description: A path traversal issue has been reported, allowing authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. Recommendations: For versions...
PT-2018-18603 · WordPress · Wp Activity Log
Name of the Vulnerable Software and Affected Versions: Activity Log plugin versions prior to 2.4.1 for WordPress Description: The issue allows remote attackers to inject arbitrary JavaScript or HTML via a title that is not properly escaped, potentially leading to cross-site scripting (XSS) attacks...