CVE-2026-39250

An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...

Neo4j Labs MCP Servers: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

Summary The readonly mode in mcp-neo4j-cypher versions prior to 0.6.0 can be bypassed using CALL procedures. Details Impact The enforcing of readonly mode in vulnerable versions could be bypassed by certain APOC procedures. Patches v0.6.0 release hardened the checks around the mode. The only way ...

CVE-2026-34981 whisperX REST API: SSRF in download_from_url() — URL validation happens after HTTP request, extension bypass via .mp3

The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.downloadfromurl in app/services/fileservice.py calls requests.geturl with zero URL validation. The file extension check occurs AFTER the HTTP request is already made, and can be bypassed by...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-34222 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-34222 Source advisory: OSV:GHSA-7429-HXCV-268M...

WordPress plugin WPNakama SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...

EUVD-2025-28205

Malicious code in bioql PyPI...

EUVD-2025-31230

Malicious code in bioql PyPI...

CVE-2025-7842

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

DB-GPT 安全漏洞

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.6.0, which stems from an arbitrary file write vulnerability in the RAG-knowledge endpoint, which allows an attacker to write a file to ...

PT-2025-7763 · Unknown · Nurelm Get Posts

Name of the Vulnerable Software and Affected Versions: nurelm Get Posts versions 0.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability. Specifically, it is a Stored XSS vulnerabilit...

WordPress plugin Responsivity 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Widget or Sidebar Shortcode plugin <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin Widget or Sidebar Shortcode versions = 0.6.1...

Jester Security Vulnerabilities

Jester is a web framework by Dominik Picheta, an individual developer in the UK. A security vulnerability exists in Jester v.0.6.0 and earlier versions that could allow a remote attacker to execute arbitrary code via a crafted request...

openssh_key_parser 安全漏洞

opensshkeyparser is an open source python package. A security vulnerability exists in versions of opensshkeyparser prior to 0.0.6, which stems from the fact that if a key field is shorter than declared, the parser raises an error and displays a message containing the original field value...

PT-2022-13422 · Unknown · Calibre-Web

Name of the Vulnerable Software and Affected Versions: calibre-web versions prior to 0.6.17 Description: The issue is related to Server-Side Request Forgery SSRF in the GitHub repository janeczku/calibre-web. This is due to an incomplete fix, which results in the blacklist not checking for 0.0.0....

Cronos 安全漏洞

Cronos is a Crypto.org Evm chain. Designed to massively scale the DeFi ecosystem. Cronos suffers from a security vulnerability that stems from the fact that in Cronos nodes running versions prior to v0.6.5, it is possible to collect transaction fees for the current block from the Cosmos SDK's...

Rudp 安全漏洞

rudp is a reliable UDP. A security vulnerability exists in Rudp version 0.6, which stems from the inclusion of a memory leak in the component main.c. The vulnerability is caused by the inclusion of a memory leak in the component main.c. The vulnerability is not supported by Rudp...

yaml-cpp denial of service vulnerability (CNVD-2019-01859)

yaml-cpp aka LibYaml-C++ is a C++ parser for use in YAML. A security vulnerability exists in the YAML::SingleDocParser of the singledocparser.cpp file in yaml-cpp version 0.6.2. A remote attacker can exploit this vulnerability to cause a denial of service with the help of the cpp file...