37 matches found
CVE-2026-39555
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...
CVE-2026-42733
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS. This issue affects WPCS: from n/a through <= 1.3.1...
CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`
multipart is a fast multipart/form-data parser for Python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the `parse_options_header()` function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
python-multipart security vulnerability
python-multipart is a Python-based streaming multipart parser developed by Marcelo Trylesinski. Versions prior to 1.2.2, 1.3.1, and 1.4.0-dev contained security vulnerabilities. These vulnerabilities stemmed from the use of ambiguous regular expressions in the `parse_options_header()` function, which...
WordPress plugin Apollo security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Apollo | Night Club, DJ Event WordPress Theme versions <= 1.3.1...
CVE-2025-59482 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected...
PT-2026-5933
Name of the Vulnerable Software and Affected Versions: TP-Link Archer AX53 versions 1.0 through 1.3.1 Build 20241120. Description: A heap-based buffer overflow exists in the tmpserver modules of the TP-Link Archer AX53. An authenticated attacker in a nearby network can trigger a segmentation fault o...
WordPress Confetti Fall Animation plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via confetti-fall-animation Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via confetti-fall-animation Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Confetti Fall Animation versions <= 1.3.1...
CVE-2025-69516
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...
WordPress Interactions plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Interactions versions <= 1.3.1...
CVE-2025-62926
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyDevs TempTool Show Current Template Info current-template-name allows Stored XSS. This issue affects TempTool Show Current Template Info: from n/a through <= 1.3.1...
CVE-2025-11876
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgunsubscriptionform' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-13495
CVE-2025-13495 affects FluentCart A New Era of eCommerce WordPress plugin up to version 1.3.1. The vulnerability is an authenticated SQL Injection via the groupKey parameter, exploitable by Administrators with high privileges. Public advisories (Wordfence, Patchstack, NVD) confirm the issue and p...
WordPress plugin FluentCart SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL...
PT-2025-48201
Name of the Vulnerable Software and Affected Versions: node-forge versions 1.3.1 and below. Description: An Integer Overflow issue exists in node-forge, a native implementation of Transport Layer Security in JavaScript. The flaw resides in the parsing of ASN.1 structures containing OIDs with oversiz...
Resty path traversal vulnerability
Resty is a simple HTTP and REST client library for Go open-sourced by Go Resty. A path traversal vulnerability exists in Resty 1.3.1 and earlier versions, which stems from an incorrect manipulation of the parameter filename and could lead to a path traversal attack...
WordPress plugin Twitter Feed cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
CVE-2025-58610
CVE-2025-58610 affects Gallery PhotoBlocks (WordPress plugin) with Stored XSS due to improper input neutralization during web page generation. Affected versions are Gallery PhotoBlocks 1.3.1 and earlier (n/a–1.3.1). The vulnerability is confirmed in multiple sources (NVD patchnotes and Patchstack ...
IBM Security QRadar Network Threat Analytics security vulnerability
IBM Security QRadar Network Threat Analytics is an advanced network security analysis tool from International Business Machines (IBM). A resource management error vulnerability exists in IBM Security QRadar Network Threat Analytics version 1.3.1 and prior versions, which stems from a resource...