524 matches found

CVE
added 5 hours ago, 3 views

CVE-2026-6853

CVE-2026-6853 describes an authentication bypass in Başbelen Group Pause+ Mobile App caused by improper restriction of excessive authentication attempts. Affected versions are Pause+ Mobile App prior to 1.5 (v1.0.6 up to, but not including, 1.5). The CVSS 3.1 base score is 9.8 (CRITICAL), with NE...

9.8 CVSS, 5.3 AI score
Exploits 0, References 1
Vulnrichment
added 5 hours ago, 3 views

CVE-2026-6853 OTP Bypass in Başbelen Group's Pause+ Mobile App

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...

9.8 CVSS, 5.2 AI score
Exploits 0, References 1
NVD
added 3 days ago, 5 views

CVE-2026-11603

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1 CVSS, 0.00055 EPSS
Exploits 0, References 2
EUVD
added 3 days ago, 5 views

EUVD-2026-35316

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1 CVSS, 5.7 AI score, 0.00055 EPSS
Exploits 0, References 2
RedhatCVE
added last week, 6 views

CVE-2026-5715

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4 CVSS, 5.7 AI score, 0.00032 EPSS
Exploits 0, References 1
RedhatCVE
added last week, 5 views

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1 CVSS, 5.4 AI score, 0.00018 EPSS
Exploits 0, References 1
RedhatCVE
added last week, 5 views

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

8.8 CVSS, 6 AI score, 0.00024 EPSS
Exploits 0, References 1
RedhatCVE
added last week, 7 views

CVE-2026-39371

RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, server functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger...

8.1 CVSS, 5.3 AI score, 0.00006 EPSS
Exploits 0, References 1
vulnersOsv
added 2026/05/18 9:00 p.m., 3 views

@diogoxiang/utils (=1.0.0) potentially affected by unknown CVE via @antv/torch (=1.0.6)

@antv/torch NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/torch and may be impacted: - @diogoxiang/utils =1.0.0 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVTORCH-16754422...

5.5 AI score
Exploits 0
EUVD
added 2026/05/12 9:31 a.m., 7 views

EUVD-2026-29400

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4 CVSS, 6 AI score, 0.00032 EPSS
Exploits 0, References 4
NVD
added 2026/05/12 9:16 a.m., 8 views

CVE-2026-5715

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4 CVSS, 0.00032 EPSS
Exploits 0, References 3
Cvelist
added 2026/05/12 7:48 a.m., 35 views

CVE-2026-5715 Voyage Plus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post-content' Shortcode

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4 CVSS, 0.00032 EPSS
Exploits 0, References 3
CVE
added 2026/05/12 7:48 a.m., 7 views

CVE-2026-5715

The Voyage Plus WordPress plugin is vulnerable to Stored XSS via the class attribute of the post-content shortcode in all versions up to 1.0.6, caused by insufficient input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level access can inje...

6.4 CVSS, 6 AI score, 0.00032 EPSS
Exploits 0, References 3
Patchstack
added 2026/05/11 7:04 p.m., 3 views

WordPress Voyage Plus plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Voyage Plus versions = 1.0.6...

6.4 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits 0, References 1, Affected Software 1
Github Security Blog
added 2026/05/07 6:30 p.m., 6 views

parse-ini is vulnerable to Prototype Pollution in index.js()

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

9.8 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits 0, References 4, Affected Software 1
EUVD
added 2026/05/07 6:30 p.m., 4 views

EUVD-2025-209729

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

5.8 AI score, 0.00023 EPSS
Exploits 0, References 3
Patchstack
added 2026/05/07 6:30 p.m., 5 views

NPM: parse-ini is vulnerable to Prototype Pollution in index.js()

NPM: parse-ini is vulnerable to Prototype Pollution in index.js vulnerability discovered by ? in WordPress Npm parse-ini versions 1.0.6...

9.8 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2026/05/07 6:30 p.m., 1 view

GHSA-X72J-HV9F-QQH4 parse-ini is vulnerable to Prototype Pollution in index.js()

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

9.8 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits 0, References 3
CNNVD
added 2026/05/07 12:00 a.m., 4 views

parse-ini security vulnerability

parse-ini is an INI configuration file parsing library developed by the individual developer at pein-consulting.de. Version 1.0.6 of parse-ini contains a security vulnerability, which stems from prototype pollution in the index.js file...

9.8 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/05/07 12:00 a.m., 4 views

CVE-2025-63703

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

5.8 AI score, 0.00023 EPSS
Exploits 0, References 2