CVE-2026-24545

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3...

CVE-2026-41900

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution RCE vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in...

WordPress Boost plugin <= 2.0.3 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Boost versions = 2.0.3...

CVE-2026-24545 WordPress QR Redirector plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3...

WordPress plugin QR Redirector 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2026-41900

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution RCE vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in...

CVE-2026-41900

OpenLearnX (pre-2.0.3) contains a critical remote code execution (RCE) via the code execution sandbox, enabling sandbox escape and arbitrary commands. The issue is mitigated by upgrading to version 2.0.3 (patched in GHSA-8h25-q488-4hxw and related advisories). Public materials describe an unauthe...

CVE-2026-41900

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution RCE vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in...

CVE-2026-41900 OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution RCE vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in...

MAL-2026-3253 Malicious code in feature-flag-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ba3fb4537827a604de645ffad07771bc9f7ed4e1f4a70b16b4c35effadcf744 The package feature-flag-service was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in feature-flag-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ba3fb4537827a604de645ffad07771bc9f7ed4e1f4a70b16b4c35effadcf744 The package feature-flag-service was found to contain malicious code. Source: ossf-package-analysis...

Uncontrolled Recursion

Overview @stablelib/cbor is a CBOR encoder and decoder Affected versions of this package are vulnerable to Uncontrolled Recursion when decoding. An attacker can cause the application to crash or terminate unexpectedly by supplying a deeply nested, attacker-controlled CBOR payload that exhausts th...

MyBB（MyBulletinBoard） 跨站脚本漏洞

MyBB is a free, web-based forum software developed by the MyBB team using PHP and MySQL. This software features simplicity in use, support for multiple languages, and scalability. Version 2.0.3 of MyBB contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning ...

CVE-2026-33750

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

CVE-2026-30162

Cross Site Scripting xss vulnerability in Timo 2.0.3 via crafted links in the title field...

Malicious code in bic-seo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88b87b18acc3a062d6a79eb7fd959cbbfea586694cf6d918aac1ddacaa062518 The package bic-seo was found to contain malicious code. Source: ossf-package-analysis 7eeaff4f3318ed34f500a278b37ae6e39604797f0de8643056247dc4ab1ebc...

CVE-2025-69374

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Eleblog – Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through =...

CVE-2025-69374 WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 2.0.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Eleblog – Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through =...

WordPress plugin Eleblog 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Drupal Central Authentication System Server 安全漏洞

The Drupal Central Authentication System Server is a CAS authentication center module developed by the Drupal company. Versions prior to 2.0.3 and 2.1.2 of the Drupal Central Authentication System Server had security vulnerabilities. These vulnerabilities were caused by XML injection, which could...