1014 matches found
EUVD-2025-210356
Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions...
CVE-2025-66123
The CVE-2025-66123 entry describes an unauthenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress BookPro plugin, versions
WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Phat RiO in WordPress Plugin BookPro versions <= 1.1.0...
WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin WCBoost Products Compare versions <= 1.1.0...
EUVD-2026-39540
The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...
CVE-2026-11373
Summary of CVE-2026-11373 (Net::Statsite::Client): The Perl client (versions through 1.1.0) is vulnerable to metric injections because metric names are not sanitized for newlines or other protocol control characters (e.g., colons, pipes), and newlines are not removed from metrics. This can allow...
CVE-2026-49346
CVE-2026-49346 affects libde265 up to version 1.0.x; a crafted H.265 bitstream with large SPS dimensions and 16-bit depth triggers a signed integer overflow in de265_image_get_buffer(), causing an undersized allocation (~1 KB) but later writing ~4 GB due to size_t math in fill_image. This is fixe...
MAL-2026-6232 Malicious code in free-claude (npm)
Source: amazon-inspector 7e5cf1276f4faf6de26e95f05cc2bb95d90c71473c20e9542c9e88c2d949dfb9. Package name 'free-claude' and author 'anthropic-claude' impersonate Anthropic's Claude product, with a README claiming to install the official Claud...
CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. A UNC path such as \\attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account's...
CVE-2025-69141
Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions...
CVE-2026-48797 Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication
Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and...
PT-2026-50132
Name of the Vulnerable Software and Affected Versions: Backpropagate versions 1.1.0 through 1.1.1. Description: The optional Reflex web UI exposes a training control plane without authentication, despite CLI flags --auth and --share suggesting that security controls are active. The Reflex backend...
CVE-2026-50878
An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted request...
PT-2026-49319
An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted request...
CVE-2026-50878
CVE-2026-50878 affects Feuerhamster MailForm v1.1.0 in its attachment handling component. The issue allows a crafted request to trigger a Denial of Service (DoS). CVSS v3.1 base score 7.5 (HIGH): Network attack vector, no privileges required, no user interaction, and impact limited to availabilit...
CVE-2026-44427
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path (e.g., //evil.com/) tha...
CVE-2026-6808
The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...