11 matches found

Patchstack
added 2026/05/01 9:31 a.m. | 3 views

WordPress HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin <= 2.2.27 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Html5 Audio Player versions <= 2.2.27...

CVSS 6.1 | AI score 5.8 | EPSS 0.00135
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/04/15 8:56 p.m. | 4 views

CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8 | AI score 6.2 | EPSS 0.0005
Exploits: 2 | References: 2
ATTACKERKB
added 2026/04/15 8:56 p.m. | 1 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8 | AI score 6 | EPSS 0.0005
Exploits: 3 | References: 3 | Affected Software: 1
Snyk
added 2026/04/14 8:3 p.m. | 2 views

Command Injection

Overview: composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Command Injection via the generateP4Command function. An...

CVSS 8.5 | AI score 6.3 | EPSS 0.00023
Exploits: 3 | References: 2
Tenable Nessus
added 2026/01/07 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000164)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000164 advisory. An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could resu...

CVSS 7.5 | AI score 7.4 | EPSS 0.01058
Exploits: 0 | References: 4
CNNVD
added 2024/07/09 12:0 a.m. | 1 views

WordPress plugin WPCafe path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 8.8 | AI score 6.8 | EPSS 0.0123
Exploits: 0 | References: 2
Patchstack
added 2024/07/05 1:45 p.m. | 4 views

WordPress WPCafe plugin <= 2.2.27 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin WPCafe versions <= 2.2.27...

CVSS 8.8 | AI score 7 | EPSS 0.0123
Exploits: 0 | Affected Software: 1
Snyk
added 2023/08/07 12:0 a.m. | 2 views

Memory Allocation with Excessive Size Value

Overview: io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value due to improper @MultipartConfig annotation handling for very large multipart content. Note: If the server uses...

CVSS 7.5 | AI score 6.9 | EPSS 0.00649
Exploits: 0 | References: 2
OSV
added 2022/02/03 2:15 a.m. | 3 views

PYSEC-2022-19

The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS...

CVSS 6.1 | AI score 6.8 | EPSS 0.00554
Exploits: 1 | References: 4
Positive Technologies
added 2022/02/01 12:0 a.m. | 11 views

PT-2022-1456 · Django +6

Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.27; Django versions 3.2 before 3.2.12; Django versions 4.0 before 4.0.2. Description: The {% debug %} template tag in Django does not properly encode the current context, which may lead to XSS. This issue is related ...

CVSS 9.8 | AI score 6.1 | EPSS 0.92834
Exploits: 30 | References: 911
OpenVAS
added 2021/11/01 12:0 a.m. | 25 views

Apache HTTP Server Multiple Vulnerabilities (Sep 2014) - Linux

Apache HTTP Server is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...

CVSS 6.8 | AI score 5.8 | EPSS 0.75444
Exploits: 7 | References: 2