EUVD-2026-9017

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

PT-2026-22319

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

Security Bulletin: IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters. (CVE-2025-36364)

Summary A vulnerability has been identified in IBM DevOps Plan REST APIs where sensitive data is transmitted via request query parameters. Vulnerability Details CVEID:CVE-2025-36364 DESCRIPTION: IBM DevOps Plan allows web page cache to be stored locally which can be read by another user on the...

CVE-2026-2934

A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/DfriendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the...

CVE-2026-27574 OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE

OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm module explicitly documented as not a security mechanism to execute user-supplied code, allowing trivial sandbox escape via a well-known...

CVE-2026-27452

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...

CVE-2026-27452 ASN.1 TypeScript Library: Decoding an INTEGER could leak the underlying ArrayBuffer

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...

Linux Distros Unpatched Vulnerability : CVE-2026-24122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires befo...

WordPress plugin Magic Login Mail or QR Code 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-69749

Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code...

CVE-2026-24818

Out-of-bounds Read vulnerability in praydog UEVR dependencies/lua/src modules. This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05...

MiracleLinux 9 : kernel-5.14.0-70.30.1.el9_0 (AXSA:2023-5105:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5105:05 advisory. posix cpu timer use-after-free may lead to local privilege escalation CVE-2022-2585 Unprivileged users may use PTRACESEIZE to set...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003950)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003950 advisory. An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hciuartregisterdev fails in hciuartsetproto in...

CVE-2025-14893

The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...

CRLF Injection

Overview comfyui-manager is a ComfyUI-Manager provides features to install and manage custom nodes for ComfyUI, as well as various functionalities to assist with ComfyUI. Affected versions of this package are vulnerable to CRLF Injection via the writeconfig function. An attacker can alter...

CVE-2023-49148

Cross-Site Request Forgery CSRF vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5...

CVE-2025-14893

The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...

PT-2026-1757

Name of the Vulnerable Software and Affected Versions IndieWeb plugin for WordPress versions through 4.0.5 Description The IndieWeb plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping related to the Telephone...

CVE-2019-7173

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4...

CVE-2025-67705

creationtimestamp| type| source ---|---|--- 2026-01-01 00:36:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbd56v7z2r2c 2026-01-02 18:51:10+00:00| seen| Telegram/jewkuyTggD2PWaKrabPFdcCxroyUzLRM-AR1O-LdmNxSvc...