Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-01-27
CVE-2026-22033 - Label Studio Plugin
Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the application. An authenticated attacker (or one who can trick a user/administrator into updating their custom_hotkeys) can inject JavaScript code that executes in other users’ browsers when those users load any page using the templates/base.html template. Because the application exposes an API token endpoint (/api/current-user/token) to the browser and lacks robust CSRF protection on some API endpoints, the injected script may fetch the…
PLUGIN
Label Studio
CVE-2026-22033
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0855 - IPD Plugin
Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
PLUGIN
IPD
CVE-2026-0855
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0854 - DH032 Plugin
Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
PLUGIN
DH032
CVE-2026-0854
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0841 - 进取 520W Plugin
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
PLUGIN
进取 520W
CVE-2026-0841
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0840 - 进取 520W Plugin
A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
PLUGIN
进取 520W
CVE-2026-0840
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0839 - 进取 520W Plugin
A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
PLUGIN
进取 520W
CVE-2026-0839
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0838 - 进取 520W Plugin
A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
PLUGIN
进取 520W
CVE-2026-0838
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0837 - 进取 520W Plugin
A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
PLUGIN
进取 520W
CVE-2026-0837
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0836 - 进取 520W Plugin
A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
PLUGIN
进取 520W
CVE-2026-0836
Risk Score
Threat Entry
Updated 2026-02-05
CVE-2026-22704 - Issues Plugin
HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0.
PLUGIN
Issues
CVE-2026-22704
Risk Score
Threat Entry
Updated 2026-02-05
CVE-2026-22777 - ComfyUI-Manager Plugin
ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5.
PLUGIN
ComfyUI-Manager
CVE-2026-22777
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-22698 - Elliptic Curves Plugin
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in the SM2 Public Key Encryption (PKE) implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. This reduces the security of the encryption from a 128-bit level to…
PLUGIN
Elliptic Curves
CVE-2026-22698
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-22700 - Elliptic Curves Plugin
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 public-key encryption (PKE) implementation: the decrypt() path performs unchecked slice::split_at operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encoded structures to trigger bounds-check panics (Rust unwinding) which crash the calling thread or process. This issue has been patched via commit e60e991.
PLUGIN
Elliptic Curves
CVE-2026-22700
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-22699 - Elliptic Curves Plugin
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point (C1) is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::from_encoded_point(&encoded_c1) may return a None/CtOption::None when the supplied coordinates are syntactically valid but do not lie on the SM2 curve. The calling code previously used .unwrap(), causing a panic when…
PLUGIN
Elliptic Curves
CVE-2026-22699
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-22685 - DevToys Plugin
DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages (NUPKG archives), DevToys does not sufficiently validate file paths contained within the archive. A malicious extension package could include crafted file entries such as ../../…/target-file, causing the extraction process to write files outside the intended extensions directory. This flaw enables an attacker to overwrite arbitrary files on the user’s system with the privileges of the DevToys process. Depending on the environment,…
PLUGIN
DevToys
CVE-2026-22685
Risk Score
Threat Entry
Updated 2026-02-23
CVE-2026-22610 - Angular Plugin
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.
PLUGIN
Angular
CVE-2026-22610
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-22687 - WeKnora Plugin
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass techniques to evade query restrictions and obtain sensitive information from the target server and database. This issue has been patched in version 0.2.5.
PLUGIN
WeKnora
CVE-2026-22687
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-22589 - Spree Plugin
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference (IDOR) vulnerability was identified that allows an unauthenticated attacker to access guest address information without supplying valid credentials or session cookies. This issue has been patched in versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5.
PLUGIN
Spree
CVE-2026-22589
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2025-13457 - Woocommerce Square Plugin
The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Square "ccof" (credit card on file) values and leverage this value to potentially make fraudulent charges on the target site.
PLUGIN
Woocommerce Square
CVE-2025-13457
Risk Score
Threat Entry
Updated 2026-01-15
CVE-2026-22595 - Ghost Plugin
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0.
PLUGIN
Ghost
CVE-2026-22595
Risk Score