78 matches found
CVE-2026-8882
CVE-2026-8882 affects the WP ApplicantStack Jobs Display WordPress plugin (versions up to 1.1.1). The vulnerability is a Stored Cross-Site Scripting via Shortcode Attributes caused by insufficient input sanitization and output escaping, exploitable by authenticated users with contributor-level ac...
WordPress WP ApplicantStack Jobs Display plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin WP ApplicantStack Jobs Display versions <= 1.1.1...
Astro MCP Server Injection Vulnerability
Astro MCP Server is an app store optimized data query tool by Tim Broddin, an individual developer. An injection vulnerability exists in Astro MCP Server 1.1.1 and earlier versions, which stems from an unknown function in the src/index.ts file in the MCP Tool Query Construction component that...
EUVD-2026-20364
Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Diet Calorie Calculator: from n/a through = 1.1.1...
CVE-2026-35176 openFPGALoader has a heap buffer overflow in POFParser::parseSection() via crafted .pof file
openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in POFParser::parseSection that allows out-of-bounds heap memory access when parsing a crafted .pof file. No FPGA hardware is required to trigger this vulnerability...
CVE-2026-34237
MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 0.83.0, 1.0.1, and 1.1.1, there is a hardcoded wildcard CORS vulnerability. This issue has been patched in versions 0.83.0, 1.0.1, and 1.1.1...
CVE-2026-34237
MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 1.0.1 and 1.1.1, there is a hardcoded wildcard CORS vulnerability. This issue has been patched in versions 1.0.1 and 1.1.1...
@brainbase-ai/action-read (=0.0.1), @brainbase-ai/actions (>=3.2.105 <=3.2.107) +71 more potentially affected by CVE-2026-26831 via textract (>=1.1.1 <=2.5.0)
textract NPM version =1.1.1, =3.2.105, =0.0.0, =0.0.0, =0.0.0, =0.0.15, =0.0.0, =0.0.0, =0.1.0, =1.0.0, =1.0.0, =0.1.1, =0.7.0, =0.17.0 and more Source cves: CVE-2026-26831 Source advisory: SNYK:JS-TEXTRACT-15874118...
WordPress plugin Nexa Blocks Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
CVE-2025-53335 WordPress Berger theme <= 1.1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Berger berger allows PHP Local File Inclusion. This issue affects Berger: from n/a through <= 1.1.1...
WordPress Berger theme <= 1.1.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Berger versions <= 1.1.1...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssl (UTSA-2026-005350)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005350 advisory. Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex function. Impact summary: A NULL pointer...
CVE-2025-14039
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplefolioitemclientname' and 'simplefolioitemlink' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
@saltcorn/cli (>=1.1.1 <=1.5.0-beta.18), @saltcorn/mobile-builder (>=1.1.1 <=1.5.0-beta.18) potentially affected by unknown CVE via @saltcorn/server (>=1.1.1 <=1.5.0-beta.18)
@saltcorn/server NPM version =1.1.1, =1.1.1, =1.1.1, =1.5.0-beta.18 Source cves: unknown CVE Source advisory: OSV:GHSA-CR3W-CW5W-H3FJ...
WordPress Melapress Role Editor plugin <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment vulnerability
Improper Authorization to Authenticated Subscriber+ Privilege Escalation via Secondary Role Assignment vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Melapress Role Editor versions <= 1.1.1...
PT-2026-1628
Name of the Vulnerable Software and Affected Versions Stumble! for WordPress plugin versions up to and including 1.1.1 Description The Stumble! for WordPress plugin is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping of the $...
CVE-2025-14687
IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of server-side security mechanisms...
CVE-2025-66167
Missing Authorization vulnerability in merkulove Lottier lottier-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lottier: from n/a through = 1.1.1...
EUVD-2025-93382
Format Plugins versions 1.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...
CVE-2025-61844
Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim...