164 matches found
Astra Linux - vulnerability in memcached
Memcached 1.6.7 allows a Denial of Service attack through multi-packet uploads in UDP...
CVE-2026-24391
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS. This issue affects Car Dealer: from n/a through <= 1.6.7...
CVE-2026-25356
The CVE-2026-25356 entry affects WordPress/Yobazar theme versions prior to 1.6.7, with a Reflected Cross-Site Scripting (XSS) flaw caused by improper input neutralization during web page generation. The issue enables an attacker to inject scripts that execute in other users’ browsers, aligning wi...
CVE-2026-24391
The connected document identifies a concrete vulnerability: WordPress Car Dealer theme versions ≤ 1.6.7 suffer from a reflected Cross-Site Scripting (XSS) vulnerability. The issue is caused by input that is reflected back to the user without proper sanitization, enabling an attacker to run arbitrary ...
PT-2026-27859
Name of the Vulnerable Software and Affected Versions: ThemeMakers Car Dealer versions n/a through 1.6.7. Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, which can lead to reflected cross-site scripting (XSS). This allows an attacker to...
WordPress Car Dealer theme <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Car Dealer versions <= 1.6.7...
WordPress Yobazar theme < 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Yobazar versions < 1.6.7...
CVE-2026-28802
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application co...
UBUNTU-CVE-2026-28802
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application co...
CVE-2026-28802 Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application co...
CVE-2025-67997
Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection. This issue affects Travelicious: from n/a through 1.6.7...
CVE-2026-25432
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in omnipressteam Omnipress omnipress allows Stored XSS. This issue affects Omnipress: from n/a through <= 1.6.7...
UBUNTU-CVE-2026-26994
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
CVE-2026-26994
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...
WordPress plugin Travelicious code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
CVE-2026-25432
CVE-2026-25432 affects the WordPress Omnipress plugin (
CVE-2020-37207
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash...
CVE-2020-37187 SpotDialup 1.6.7 - 'Name' Denial of Service
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash...