14 matches found
CVE-2026-7630 innocommerce InnoShop Installation Endpoint InstallServiceProvider.php boot improper authentication
A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component Installation Endpoint. The manipulation leads to improper authentication. Remote...
WordPress Restaurant Zone theme <= 0.7.8 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Restaurant Zone versions <= 0.7.8...
AZL-79283 CVE-2026-3381 affecting package optipng 0.7.8-5
Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. This includes fixes for...
AZL-70883 CVE-2025-64720 affecting package optipng 0.7.8-5
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALP...
@balalarast/vue-bottom-sheet (>=0.0.1 <=0.4.1), @nova-org/components (>=0.0.1-next.0 <=0.0.1-next.3) +3 more potentially affected by unknown CVE via @oku-ui/primitives (=0.7.8)
@oku-ui/primitives NPM version =0.7.8 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/primitives and may be impacted: - @balalarast/vue-bottom-sheet =0.0.1, =0.0.1-next.0, =0.4.0, =0.0.1, =0.2.1 - @phoenix-cg/vue-bottom-sheet =0.4.2 Source cves...
CVE-2025-6088
In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they...
CVE-2025-6088 Improper Authorization in danny-avila/librechat
In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they...
CVE-2025-6088
CVE-2025-6088 affects danny-avila/librechat. In version 0.7.8, improper authorization on the conversation sharing endpoint /api/share/conversationID allows a logged-in user to read other users’ conversations when the conversation ID is known. UUIDv4 IDs are server-side but can leak via logs, hist...
LibreChat Authorization Issue Vulnerability
LibreChat is an enhanced ChatGPT clone by individual developer Danny Avila. An authorization issue vulnerability exists in LibreChat version 0.7.8, which stems from improper authorization controls for the conversation sharing feature and could lead to unauthorized access to other users' conversatio...
WordPress plugin Maspik – Spam Blacklist Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
SUSE CVE-2008-6514
The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920...
WordPress Event List Plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports PHP and MySQL servers for setting up a personal blog site. Event List is one of its event list plugins. A SQL injection vulnerability exists in version 0.7.8 of the WordPress Eve...
WordPress Plugin Event List < 0.7.8 - SQL Injection
Exploit Title: WordPress Plugin Event List = 0.7.8 - SQL Injection Date: 04-06-2017 Exploit Author: Dimitrios Tsagkarakis Website: dtsa.eu Software Link: https://wordpress.org/plugins/event-list/ Version: 0.7.8 CVE : CVE-2017-9429 Category: webapps 1. Description: SQL injection vulnerability in t...
PT-2012-3956 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 0.6.17 Node.js versions prior to 0.7.8 Description: The issue allows remote attackers to obtain sensitive information, such as request header contents, and possibly spoof HTTP headers via a zero-length string. This i...