NVD CVEs — Published today (21 entries)
CVE-2026-7783 6.3 MEDIUM
A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes SQL injection. It is possible t
CVE-2026-7784 7.3 HIGH
A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The
CVE-2026-7785 7.3 HIGH
A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in OS command injection. The attack may be launched remotel
CVE-2026-7788 7.3 HIGH
A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_document/get_content of the file app/routes/document.py. Performing a manipulation of the argument DOCS_DIR/
CVE-2026-44028 7.5 HIGH
An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite m
CVE-2026-44029 5.3 MEDIUM
An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 (introduced in 2.24.7);
CVE-2026-5722 9.8 CRITICAL
The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible fo
CVE-2025-13618 9.8 CRITICAL
The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it possible for unauthenticated
CVE-2026-1921 4.9 MEDIUM
The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the `fsReference` AJAX route. This is due to the `findSourceFile()` method normalizing user-supplied `ref` paths containing `../` directory traversal sequences without validating t
CVE-2026-2868 6.4 MEDIUM
The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for auth
GitHub Security Advisories — Published today (20 entries)
GHSA-gh5g-gr5m-vq9w
MEDIUM
The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
GHSA-67jp-hfjm-vfh5
MEDIUM
The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
GHSA-qvrg-xmf8-qrhj
MEDIUM
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
GHSA-v76r-gcmp-j385
HIGH
The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions'...
GHSA-g4p8-grmx-3hm2
MEDIUM
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ...
GHSA-x5x8-g224-w6hp
MEDIUM
The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
GHSA-p9xc-cphq-3q9h
MEDIUM
The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored...
GHSA-qpmj-rjxh-7h62
MEDIUM
The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
GHSA-fj9f-47hw-34fv
MEDIUM
The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ...
GHSA-q9gg-cpq5-g6mh
MEDIUM
The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for...