EUVD-2026-36789

Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...

PT-2026-48538

Name of the Vulnerable Software and Affected Versions anyquery versions prior to 0.4.5 Description A path traversal issue exists in the SQL scalar function clear plugin cache within the namespace/other functions.go file. The function accepts a plugin argument and passes it to path.Join and...

CVE-2026-10269

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

CVE-2026-30945

CVE-2026-30945 : StudioCMS prior to 0.4.0 exposes an authorization flaw in DELETE /studiocms_api/dashboard/api-tokens. Any authenticated user with editor privileges or above can revoke API tokens for any user (including admin/owner) because tokenID and userID are taken directly from the request w...

EUVD-2026-8683

mchange-commons-java: Remote Code Execution via JNDI Reference Resolution...

CVE-2026-23965 sm-crypto Affected by Signature Forgery in SM2-DSA

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for...

NanoCMS 代码注入漏洞

NanoCMS is a lightweight content management system by kalyan02 individual developer. A code injection vulnerability exists in NanoCMS version 0.4, which stems from an unauthenticated file upload vulnerability in the page content creation feature that could lead to remote code execution...

WordPress plugin Konami Easter Egg 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

KMQTT 安全漏洞

KMQTT is a Kotlin multi-platform MQTT 3.1.1/5.0 client and proxy from the individual developer Davide Pianca. A security vulnerability exists in KMQTT version v0.4.8 that stems from allowing an attacker to cause a denial of service via a crafted request...

filestash 安全漏洞

filestash is a Dropbox-like file manager by the individual developer Mickael. A security vulnerability exists in filestash v0.4, which stems from a TLS certificate validation being skipped when using the FTPS protocol. An attacker can perform a man-in-the-middle attack via the Init function of...

Degradation of service in h2 servers with CONTINUATION Flood

An attacker can send a flood of CONTINUATION frames, causing h2 to process them indefinitely. This results in an increase in CPU usage. Tokio task budget helps prevent this from a complete denial-of-service, as the server can still respond to legitimate requests, albeit with increased latency. Mo...

UBUNTU-CVE-2017-16883

The outputSWFTEXTRECORD function in util/outputscript.c in libming = 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file...