CVE-2026-30855
WeKnora exposes a broken access control in its tenant management endpoints, enabling any authenticated user to read, modify, or delete tenants by ID without ownership checks. The policy bypass affects endpoints like GET /api/v1/tenants, GET /api/v1/tenants/{id}, PUT /api/v1/tenants/{id}, and DELE...
EUVD-2026-10158
cpp-httplib is a C++11 single-file, header-only, cross-platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses libstdc++'s std::regex to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...
CVE-2026-23967
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a...
CVE-2025-12355 Payaza <= 0.3.8 - Missing Authorization to Unauthenticated Order Status Update
The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxnoprivupdateorderstatus' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses...
WordPress plugin Top Friends Cross-Site Request Forgery Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation; WordPress is a blogging platform developed in PHP that can host personal blog sites on PHP- and MySQL-based servers. The WordPress plugin is an application plugin. A cross-site request forgery...
AudioFile Security Vulnerability
AudioFile is a simple header-only C++ library by the individual developer Adam Stark in the UK, used to read and write audio files. A security vulnerability exists in AudioFile version v0.3.7, which stems from a null pointer dereference in the ModuleState::setup function...
CVE-2025-56406
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...
PT-2025-15748 · Unknown · More Mime Type Filters
Name of the Vulnerable Software and Affected Versions: More Mime Type Filters versions 0.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows for Stored XSS attacks. Recommendations: For...
Open Panel OpenAdmin Security Vulnerability
Open Panel OpenAdmin is a free Laravel-based open administration panel from Open Panel, Inc. A security vulnerability exists in Open Panel OpenAdmin version 0.3.4, which stems from cross-site request forgery and could lead to elevation of privilege...
Degradation of service in h2 servers with CONTINUATION Flood
An attacker can send a flood of CONTINUATION frames, causing h2 to process them indefinitely. This results in an increase in CPU usage. The Tokio task budget helps prevent this from becoming a complete denial of service, as the server can still respond to legitimate requests, albeit with increased latency. Mo...
PT-2023-15898 · Unknown · Sviehb/Jefferson
Name of the Vulnerable Software and Affected Versions: sviehb jefferson versions up to 0.3 Description: A critical vulnerability has been found in the sviehb/jefferson JFFS2 filesystem extraction tool, affecting unknown code of the file src/scripts/jefferson. The manipulation leads to path...