1029 matches found
CVE-2026-57774
Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through = 1.1.0...
CVE-2026-57774
The CVE-2026-57774 entry corresponds to a Missing Authorization / Broken Access Control vulnerability in the WordPress theme VW Food Corner (versions up to and including 1.1.0). The issue affects the theme itself, enabling exploitation due to incorrectly configured access control security levels....
EUVD-2026-42808
The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-14699
A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...
WordPress VW Food Corner theme <= 1.1.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Theme VW Food Corner versions = 1.1.0...
EUVD-2025-210356
Unauthenticated Insecure Direct Object References IDOR in BookPro = 1.1.0 versions...
CVE-2026-57633
Unauthenticated Sensitive Data Exposure in WCBoost - Products Compare = 1.1.0 versions...
CVE-2025-66123
The CVE-2025-66123 entry describes an unauthenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress BookPro plugin, versions
WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Phat RiO in WordPress Plugin BookPro versions = 1.1.0...
WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WCBoost Products Compare versions = 1.1.0...
PT-2026-52714
Name of the Vulnerable Software and Affected Versions BookPro versions prior to 1.1.1 Description An unauthenticated Insecure Direct Object Reference IDOR exists, which occurs when an application provides direct access to objects based on user-supplied input without sufficient authorization check...
EUVD-2026-39540
The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...
CVE-2026-53765 chrome-devtools-mcp: daemon.pid write follows symlinks in /tmp fallback runtime directory
Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions...
CVE-2026-11373
Summary of CVE-2026-11373 (Net::Statsite::Client) : The Perl client (versions through 1.1.0) is vulnerable to metric injections because metric names are not sanitized for newlines or other protocol control characters (e.g., colons, pipes), and newlines are not removed from metrics. This can allow...
CVE-2026-49346
CVE-2026-49346 affects libde265 up to version 1.0.x; a crafted H.265 bitstream with large SPS dimensions and 16-bit depth triggers a signed integer overflow in de265_image_get_buffer(), causing an undersized allocation (~1 KB) but later writing ~4 GB due to size_t math in fill_image. This is fixe...
MAL-2026-6232 Malicious code in free-claude (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5cf1276f4faf6de26e95f05cc2bb95d90c71473c20e9542c9e88c2d949dfb9 Package name 'free-claude' and author 'anthropic-claude' impersonate Anthropic's Claude product, with a README claiming to install the official Claud...
Malicious code in free-claude (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5cf1276f4faf6de26e95f05cc2bb95d90c71473c20e9542c9e88c2d949dfb9 Package name 'free-claude' and author 'anthropic-claude' impersonate Anthropic's Claude product, with a README claiming to install the official Claud...
DEBIAN-CVE-2026-48817
Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...
CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...
CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...