Open WebUI IDOR: Calendar event re-parenting allows writing events into another user's calendar
NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint
NocoDB: Server-Side Request Forgery via Base Migration URL
NocoDB: Stored Cross-Site Scripting via Secure Attachment
NocoDB: Refresh Tokens Persist Through Password Recovery
NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL
vLLM: OOM Denial of Service via Audio Decompression Bomb
vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router
vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving
vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels
Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory
Pi Agent: Pi loads project-local extensions without approval
The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output es...
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with Contributor-level...
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoints behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a...
The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks agains...
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.