383 matches found
CVE-2026-12734
The weDocs WordPress plugin (Authenticated access level: Contributor+) is vulnerable to Stored XSS via the connectorWidth Block Attribute in all versions up to and including 2.3.0. The root cause is insufficient input sanitization and output escaping. Impact: injected scripts can execute when use...
EUVD-2026-41467
The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes i...
Astra Linux – Vulnerability in libcue
Libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and earlier are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a CUE sheet from a malicious webpage. Since the file is saved to /Downloads, it...
EUVD-2026-37845
The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'ruleid' parameter due to missing validation on a user controlled key. This makes it possible for...
EUVD-2025-210257
Unauthenticated Local File Inclusion in Fortius = 2.3.0 versions...
WordPress PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification vulnerability
Insecure Direct Object Reference to Authenticated Custom+ Arbitrary Modification vulnerability discovered by Truong Tran in WordPress Plugin PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin versions = 2.3.0...
CVE-2026-40782
CVE-2026-40782 : Unauthenticated Broken Access Control in WordPress WPAdverts plugin (versions
PT-2026-49423
Unauthenticated Broken Access Control in WPAdverts = 2.3.0 versions...
CVE-2026-36719
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...
CVE-2026-35599
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far ...
CVE-2026-39885
FrontMCP is a TypeScript-first framework for the Model Context Protocol MCP. Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenA...
Cactus Image Viewer 安全漏洞
Cactus Image Viewer is a Windows single-file image viewing tool developed by Wassim Alhajomar. Version 2.3.0 of Cactus Image Viewer has a security vulnerability caused by DLL hijacking, which may allow attackers to elevate privileges and execute arbitrary code through a specially crafted DLL...
CVE-2026-36574
CVE-2026-36574 describes a DLL hijacking vulnerability in Wassimulator’s CactusViewer v2.3.0. The issue, rooted in DLL loading, enables local privilege escalation and arbitrary code execution. The CVSS details indicate LOCAL attack vector, no privileges required, but user interaction is required,...
WordPress Fortius theme <= 2.3.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Fortius versions = 2.3.0...
CVE-2026-45438 WordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommerce: from n/a before 2.3.0...
CVE-2026-45438
CVE-2026-45438 affects the WordPress plugin Smart Coupons for WooCommerce : versions before 2.3.0. The issue is a Missing Authorization / Broken Access Control vulnerability where access control is incorrectly configured, allowing bypass of authorization checks and potential unauthorized actions....
WordPress Restrict – membership, site, content and user access restrictions for WordPress plugin <= 2.3.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Restrict versions = 2.3.0...
CVE-2026-35600
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags,...
CVE-2026-35602
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...
CVE-2026-6141
The CVE-2026-6141 entry affects danielmiessler Personal_AI_Infrastructure up to version 2.3.0, targeting an unknown function in Skills/Parser/Tools/parse_url.ts. The vulnerability allows remote OS command injection via manipulation of that function. The exploit has been publicly disclosed, and a ...