59 matches found
CVE-2026-47070
Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...
NPM: FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover
NPM: FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
NPM: FlowiseAI Exposes Basic Auth Credentials via API
NPM: FlowiseAI Exposes Basic Auth Credentials via API vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
WordPress plugin MK Google Directions security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-3335
The CVE-2026-3335 entry concerns the WordPress Canto plugin (versions up to 3.1.1). The vulnerability is in missing authorization via the file at wp-content/plugins/canto/includes/lib/copy-media.php, which is directly accessible without authentication or nonce checks. The issue arises because fbc...
@abcpros/bitcore-build (>=8.25.29 <=8.25.30), @acanto/october-scripts (=3.2.2) +1124 more potentially affected by CVE-2026-33151 via socket.io-parser (>=3.1.1 <=3.3.4)
socket.io-parser NPM version =3.1.1, =8.25.29, =1.0.0, =2018.7.11-0, =0.1.14, =1.0.2, =1.0.0, =1.2.0, =0.2.0-preview.3, =0.2.0, =1.0.10, =3.3.91, =3.3.114 and more Source cves: CVE-2026-33151 Source advisory: SNYK:JS-SOCKETIOPARSER-15680278...
openbabel code issue vulnerability
OpenBabel is an open-source chemistry toolkit software developed by Open Babel. Versions of OpenBabel 3.1.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a null pointer dereferencing in the OBAtom::GetExplicitValence function in the isrc/atom.cpp file, which could...
WordPress Alliance theme <= 3.1.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Alliance versions <= 3.1.1...
CVE-2026-24988 WordPress The Events Calendar Shortcode & Block plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS. This issue affects The Events Calendar Shortcode & Block: from n/a through <= 3.1.1...
WordPress plugin The Events Calendar Shortcode & Block cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
SUSE CVE-2025-11232
To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must NOT be empty (the default is empty). DDNS...
EUVD-2020-7340
Malware in sbrugna...
UTT HiPER 840G security vulnerability
The UTT HiPER 840G is a Gigabit enterprise-class high-performance router from China Aitai UTT. A security vulnerability exists in UTT HiPER 840G 3.1.1-190328 and earlier versions, which originates from an incorrect manipulation of the parameter txtMin2 in the file /goform/formTaskEdit, which coul...
EUVD-2025-26929
Malicious code in bioql PyPI...
CVE-2025-10168
The Any News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'any-ticker' shortcode in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
UTT HiPER 840G security vulnerability
The UTT HiPER 840G is a full Gigabit Internet behavior management router from Atech UTT, which is aimed at small businesses, community networks, hotels, and other scenarios, providing high-speed network access and intelligent management features. The UTT HiPER 840G suffers from a buffer overflow...
CVE-2025-7788
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to os command injection. The attac...
UTT HiPER 840G security vulnerability
The UTT HiPER 840G is a full Gigabit Internet behavior management router from Atech UTT, which is aimed at small businesses, community networks, hotels, and other scenarios, providing high-speed network access and intelligent management features. The UTT HiPER 840G suffers from a buffer overflow...
CVE-2024-24849
Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1...
CVE-2020-15326
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem...