421 matches found
CVE-2026-27415
Cross-Site Request Forgery CSRF vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...
CVE-2026-40979
In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
CVE-2026-40978
SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
CVE-2026-39552 WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5...
SourceBans Material Admin 安全漏洞
SourceBans Material Admin is a game server management panel tool developed by SourceBans Material Admin developers. Versions prior to 1.1.6 of SourceBans Material Admin contained security vulnerabilities; these vulnerabilities allowed attackers to manipulate arbitrary user data in web application...
WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SweetDate Core versions 1.1.5...
CVE-2026-44664 fast-xml-builder: Comment Value bypass regex
fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...
CVE-2026-44664 fast-xml-builder: Comment Value bypass regex
fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...
NPM: fast-xml-builder Comment Value regex can be bypassed
NPM: fast-xml-builder Comment Value regex can be bypassed vulnerability discovered by ? in WordPress Npm fast-xml-builder versions 1.1.5...
CVE-2026-27415
Cross-Site Request Forgery CSRF vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...
CVE-2026-27415
The CVE-2026-27415 entry documents a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress BEAR plugin, affecting BEAR versions from n/a up to 1.1.5. The issue is described as CSRF in PluginUs.Net BEAR. The provided metrics indicate a CVSS v3.1 base score of 4.3 (Medium) with attack ve...
CVE-2026-40967
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
Improper Neutralization of Special Elements in Data Query Logic
Overview org.springframework.ai:spring-ai-weaviate-store is a Building AI applications with Spring Boot Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...
Improper Neutralization of Special Elements in Data Query Logic
Overview org.springframework.ai:spring-ai-oracle-store is an AI Vector Search from Oracle Database 23ai+ as a Spring AI Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementation...
XML Injection
Overview Affected versions of this package are vulnerable to XML Injection in fxb.js, which does not properly handle closing delimiters for comment and CDATA values. The -- sequence in comment content and the sequence in CDATA sections can be coopted to close their respective sections early and...
CVE-2026-39663
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through = 1.1.5...
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin = 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions = 1.1.5...
CVE-2026-1672
The BEAR – Bulk Editor and Products Manager Professional for WordPress (Pluginus.Net) is affected by a Cross-Site Request Forgery in all versions up to 1.1.5. The root cause is missing nonce validation on the woobe_redraw_table_row() function, enabling unauthenticated attackers to modify WooComme...