51 matches found

NVD
added 2026/04/11 2:16 a.m., 2 views

CVE-2026-5226

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3. This is due to insufficient output escaping on user-supplied URL paths in the getcurrenturl function, which are inserted into...

CVSS 6.1, EPSS 0.00155, Exploits 0, References 9

Vulnrichment
added 2026/03/05 6:45 a.m., 2 views

CVE-2026-2743 SEPPmail User Web Interface Arbitrary File Write to RCE

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before...

CVSS 10, AI score 5.8, EPSS 0.00158, Exploits 0, References 2

Positive Technologies
added 2026/02/05 12:00 a.m., 2 views

PT-2026-6639

Name of the Vulnerable Software and Affected Versions: AutoGPT versions prior to 0.6.32. Description: AutoGPT is a platform for creating and managing AI agents that automate workflows. A denial-of-service condition exists in the ReadRSSFeedBlock component due to uncontrolled resource allocation duri...

CVSS 8.7, AI score 5.4, EPSS 0.00027, Exploits 1, References 8

Snyk
added 2025/12/19 5:44 p.m., 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the API Request component, which accepts user-supplied URLs and issues HTTP requests from the server without adequate filtering of internal or private network addresses. An attacker can access intern...

CVSS 8.3, AI score 6.6, EPSS 0.00027, Exploits 1, References 2

RedhatCVE
added 2025/12/02 11:28 p.m., 1 view

CVE-2025-66401

MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via...

CVSS 9.8, AI score 7.9, EPSS 0.01107, Exploits 1, References 1

NVD
added 2025/11/18 9:15 a.m., 2 views

CVE-2025-26391

SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account...

CVSS 5.4, EPSS 0.00017, Exploits 0, References 2

OSV
added 2025/11/18 9:15 a.m., 1 view

CVE-2025-26391

SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account...

CVSS 5.4, AI score 5.8, EPSS 0.00017, Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-11829

Malware in sbrugna...

CVSS 6.5, AI score 7, EPSS 0.00205, Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-4044

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00421, Exploits 1, References 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-2939

Malware in sbrugna...

CVSS 5.1, AI score 6.4, EPSS 0.01495, Exploits 0, References 9

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-4043

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.00216, Exploits 1, References 3

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2023-48087

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.8, EPSS 0.00105, Exploits 1, References 2

CVE
added 2025/08/18 5:36 p.m., 20 views

CVE-2025-55299

VaulTLS has an authentication issue prior to 0.9.1: user accounts created via the User web UI may have an empty (non-NULL) password, enabling login with an empty password. This is exacerbated by API login still working after frontend password checks were disabled. The vulnerability is fixed in 0....

CVSS 9.4, AI score 7.1, EPSS 0.00061, Exploits 0, References 2

RedhatCVE
added 2025/05/22 5:24 p.m., 2 views

CVE-2020-11701

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories...

CVSS 8.8, AI score 8.6, EPSS 0.00216, Exploits 1, References 1

RedhatCVE
added 2025/05/22 4:57 p.m., 3 views

CVE-2020-11702

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

CVSS 6.1, AI score 6, EPSS 0.00421, Exploits 1, References 1

RedhatCVE
added 2025/05/22 3:46 p.m., 6 views

CVE-2020-15408

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite...

CVSS 5.8, AI score 6.6, EPSS 0.0023, Exploits 0

Japan Vulnerability Notes
added 2025/01/08 12:00 a.m., 7 views

JVN#57428125: PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting

MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability (CWE-79). Impact: If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when...

CVSS 4.8, AI score 6.2, EPSS 0.00243, Exploits 0

OSV
added 2024/07/15 1:15 a.m., 1 view

ALPINE-CVE-2024-6345

A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...

CVSS 8.8, AI score 8.7, EPSS 0.07521, Exploits 0, References 1

CNNVD
added 2024/04/19 12:00 a.m., 1 view

Mealie Security Vulnerability

Mealie is a self-hosted recipe manager and meal planner from an individual developer in Hayden, USA. A security vulnerability exists in Mealie versions prior to 1.4.0, which stems from the fact that the scrapeimage function retrieves an image based on a user-supplied URL, but the supplied URL is not...

CVSS 6.2, AI score 6.7, EPSS 0.00054, Exploits 0, References 5

CNNVD
added 2023/12/13 12:00 a.m., 2 views

Jenkins PaaSLane Estimate Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3, AI score 6.7, EPSS 0.00049, Exploits 0, References 4