CVE-2020-7796
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
Sunday's disclosures highlight near-maximum severity vulnerabilities in PostgreSQL array expressions (CVE-2026-30860, CVSS 9.9) and the WeKnora LLM Framework (CVE-2026-30861, CVSS 9.9), both enabling remote code execution. Critical CVE volume dropped 62% from the prior day to 5, while high-priority disclosures fell 19% to 81. Additional critical flaws affect the Wavlink NU516U1 router (CVE-2026-3703, CVSS 9.8), Soft Serve Git Server (CVE-2026-29191, CVSS 9.1), and Zitadel identity management (CVE-2026-29191, CVSS 9.3). Fifteen vulnerabilities have confirmed active exploitation, spanning legacy flaws in Zimbra, GitLab, Hikvision, and Apple products alongside newer issues in VMware Aria Operations and Google Chromium. No patches are currently available for Sunday's disclosed CVEs, requiring organizations to prioritize compensating controls and network segmentation.
Immediate action: Prioritize PostgreSQL, Wavlink router, Soft Serve Git Server, and Zitadel deployments for immediate risk assessment and apply network segmentation where direct patches are unavailable. Monitor vendor advisories for incoming patches on all five critical CVEs, and verify that signatures or mitigations exist for the 15 actively exploited vulnerabilities affecting Zimbra, GitLab, VMware, Chromium, and Apple products.
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Google Chrome is vulnerable to a "Use After Free" condition in its CSS engine, which could allow a remote attacker to execute arbitrary code via a crafted webpage.
GitLab Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
RoundCube Webmail Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
RoundCube Webmail Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
FileZen is affected by a high-severity OS command injection vulnerability that allows a threat actor to execute arbitrary commands on the underlying operating system.
VMware Aria Operations contains a command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system.
A memory corruption vulnerability exists in memory allocation processes when handling specific alignments, potentially leading to arbitrary code execution or system instability.
Hikvision Multiple Products Improper Authentication Vulnerability - Active in CISA KEV catalog.
Rockwell Multiple Products Insufficient Protected Credentials Vulnerability - Active in CISA KEV catalog.
Apple Multiple products Use-After-Free Vulnerability - Active in CISA KEV catalog.
Apple Multiple Products Integer Overflow or Wraparound Vulnerability - Active in CISA KEV catalog.
Apple iOS and iPadOS Use-After-Free Vulnerability - Active in CISA KEV catalog.
A remote code execution vulnerability in WeKnora's database query functionality allows unauthenticated attackers to bypass SQL injection protections via PostgreSQL array expressions.
A remote out-of-bounds write vulnerability in the Wavlink NU516U1 router allows attackers to manipulate the ipaddr argument in /cgi-bin/login.cgi, potentially leading to full system compromise.
An unauthenticated remote code execution vulnerability in WeKnora allows attackers to bypass command validation using the -p flag in npx node, leading to complete system compromise.
An authenticated SSRF vulnerability in Soft Serve allows SSH users to force the server to make requests to internal IP addresses, potentially exposing private services.
A critical XSS vulnerability in the Zitadel login V2 interface's /saml-post endpoint could lead to unauthorized account takeovers.
The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6
The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1
CoreDNS is a DNS server that chains plugins
CoreDNS is a DNS server that chains plugins
The WooCommerce WordPress plugin from versions 5
The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7
The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1
TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser
Net-Billetterie 2
DoceboLMS 1
Pedidos 1
Rmedia SMS 1
Alienor Web Libre 2
Silurus Classifieds Script 2
Data Center Audit 2
GPS Tracking System 2
Nominas 0
ServerZilla 1
PlayJoom 0
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5
The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in all versions up to, and including, 1
Easyndexer 1
Galaxy Forces MMORPG 0
Facturation System 1
Zarf, an airgap native package manager for Kubernetes, contains a vulnerability that could compromise the integrity of package deployments in restricted environments.
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1
A weakness has been identified in code-projects Simple Flight Ticket Booking System 1
The Mesa Python library for agent-based modeling contains a vulnerability that could allow for arbitrary code execution during the processing of simulation data.
Caddy is an extensible server platform that uses TLS by default
A vulnerability was found in Tenda FH451 1
A vulnerability was determined in Tenda FH451 1
A vulnerability was identified in Tenda FH451 1
Meneame English Pligg 5
Alive Parish 2
OOP CMS BLOG 1
pyLoad is a free and open-source download manager written in Python
A high-severity vulnerability has been identified in the DSA Study Hub educational web application, requiring immediate vendor-supplied updates.
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers
Mongoose Web Server 6
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter
Snipe-IT versions prior to 8
OliveTin, a web interface for shell commands, contains a high-severity vulnerability that could lead to unauthorized command execution.
A high-severity vulnerability in the Flowise LLM flow builder could allow attackers to compromise customized large language model flows.
Wallos is an open-source, self-hostable personal subscription tracker
A high-severity vulnerability has been found in the WeKnora LLM framework, potentially impacting document understanding and semantic retrieval security.
A vulnerability was identified in UTT HiPER 810G up to 1
A security flaw has been discovered in UTT HiPER 810G up to 1
A weakness has been identified in UTT HiPER 810G up to 1
A security vulnerability in the H3C Magic B1 router up to version 100R004 could allow for unauthorized device access or control.
A high-severity vulnerability has been identified in the Wavlink WL-WN579X3-C router, specifically affecting firmware version 231124, potentially allowing for unauthorized system compromise.
A vulnerability in the Plane open-source project management tool allows for potential unauthorized actions, threatening the confidentiality of sensitive project data and organizational workflows.
Warranty Tracking System 11
A late-disclosure vulnerability in Zoom BitZoom 1 presents a significant security risk, potentially allowing for unauthorized access or execution within the application environment.
Gumbo CMS 0
A high-severity vulnerability has been disclosed in the Tina4 Stack 1, which could allow attackers to compromise web applications built on this framework.
Webiness Inventory 2
ZITADEL is an open source identity management platform
ZITADEL, an open-source identity management platform, is affected by a high-severity vulnerability that could compromise identity and access management (IAM) security.
Flowise is a drag & drop user interface to build a customized large language model flow
Backstage is an open framework for building developer portals
ZITADEL is an open source identity management platform
EverSync 0
AMPPS 2
Musicco 2
An Absolute Path Traversal vulnerability exists in Navtor NavBox
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests
@hono/node-server allows running the Hono application on Node
Plane is an open-source project management tool
express-rate-limit is a basic rate-limiting middleware for Express
Ghost is a Node
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier
Kestra is an event-driven orchestration platform
A flaw has been found in Shy2593666979 AgentChat up to 2
A vulnerability was found in Totolink N300RH 6
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1
Maitra 1