555 matches found
[SECURITY] Fedora 44 Update: log4cxx-1.7.0-2.fc44
Log4cxx is a popular logging package written in C++. One of its distinctive features is the notion of inheritance in loggers. Using a logger hierarchy it is possible to control which log statements are output at arbitrary granularity. This helps reduce the volume of logged output and minimize the...
CVE-2026-58588
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...
CVE-2026-9857
The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2026-55604
DeepSeek MCP Server (DeepSeek V4) is vulnerable from v1.4.2 up to, but not including, v1.7.0. The issue stems from a process-global SessionStore that accepts caller-supplied session_id values without binding them to any authenticated principal or transport session. An attacker can enumerate activ...
WordPress Invoice123 plugin <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Setting Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Setting Modification vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Invoice123 versions = 1.7.0...
CVE-2026-57763
CVE-2026-57763 affects the WordPress Structured Content plugin (versions ≤ 1.7.0). The description notes a Contributor Cross Site Scripting (XSS) vulnerability; the provided documents do not specify the exact root cause, impacted file(s), or remediation steps.
PT-2026-55050
Name of the Vulnerable Software and Affected Versions Structured Content versions prior to 1.7.1 Description Cross Site Scripting XSS allows an attacker with contributor privileges to execute malicious scripts in the browser of other users. Recommendations Update Structured Content to a version...
CVE-2026-55423
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...
CVE-2026-55423 Langflow: Logout button does not clear session
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...
Langflow: Logout button does not clear session
Summary The logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. Details Not in auto login mode. Hosted on localhost. accesstokenlf remains present in both Local Storage and Cookies. refreshtokenlf remains present in Cookies. Root...
EUVD-2016-10902
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...
CVE-2016-20089 Iperius Remote 1.7.0 Unquoted Service Path Elevation of Privilege
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...
PT-2026-51100
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.0 Description The logout button fails to clear the user session, allowing a previous user to remain logged in unless another user explicitly authenticates. This occurs because the '/logout' endpoint deletes...
CVE-2026-8668
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...
CVE-2026-39446 WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...
CVE-2026-46683
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...
CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...
CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...
CVE-2026-46497
Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0...
EUVD-2026-36067
Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0...