Latest CVE Feed

The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and outpu…

A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a vict…

The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and aut…

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null poin…

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the …

A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation l…

A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after fr…

A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component v…