91 matches found
EUVD-2026-30489
MCP Registry: OCI validator skips ownership check on upstream rate limits...
CVE-2026-45781
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github./ namespace to OCI images the...
CVE-2026-45781 MCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claims
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github./ namespace to OCI images the...
CVE-2026-45781
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github./ namespace to OCI images the...
PT-2026-41128
Name of the Vulnerable Software and Affected Versions MCP Registry versions prior to 1.7.9 Description OCI ownership validation fails to perform a label-match check when an upstream OCI registry returns an HTTP 429 Too Many Requests error. This occurs because the function ValidateOCI in the file...
CVE-2026-7389 EyouCMS common.php GetSortData sql injection
A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sortasc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly an...
CVE-2026-7389 EyouCMS common.php GetSortData sql injection
A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sortasc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly an...
PT-2026-35940
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
EUVD-2026-23221
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-3369
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-3369
The CVE-2026-3369 entry describes a Stored XSS in the WordPress plugin Better Find and Replace – AI-Powered Suggestions up to version 1.7.9 due to insufficient input sanitization and output escaping. The vulnerability can be exploited by authenticated attackers with author-level access+ , who can...
WordPress plugin Better Find and Replace – AI-Powered Suggestions 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-33308
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-5425 Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feeddata' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-5425
The CVE-2026-5425 entry concerns the WordPress Widgets for Social Photo Feed plugin. A stored XSS vulnerability exists in all versions up to 1.7.9, caused by insufficient input sanitization and output escaping in the feed_data parameter keys. Impact: unauthenticated attackers can inject arbitrary...
PT-2026-30317
Name of the Vulnerable Software and Affected Versions Widgets for Social Photo Feed plugin for WordPress versions up to and including 1.7.9 Description The Widgets for Social Photo Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the feed data parameter keys due to...
CVE-2026-27411 WordPress SiteGuard WP plugin plugin <= 1.7.9 - Captcha Bypass vulnerability
Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through = 1.7.9...
CVE-2026-27411
Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through = 1.7.9...
CVE-2026-27411 WordPress SiteGuard WP Plugin plugin <= 1.7.9 - Captcha Bypass vulnerability
Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through = 1.7.9...
WordPress plugin SiteGuard WP Plugin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...