Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

CVE-2026-22690 - pypdf
LOW | CVSS 2.7 | 2026-01-10 | entry updated 2026-01-22

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf can run for a very long time on a file whose trailer lacks the /Root entry but declares a large /Size value. An attacker can craft such a PDF, which is actually invalid, so that parsing takes a long time before failing. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0.

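A cheap gate a practitioner can put in front of a lenient parser for the trailer condition the pypdf entry describes: confirm that the last classic trailer has a /Root entry and that its /Size is in the same order of magnitude as the object definitions actually present in the file. This is an added example, not pypdf's code; it inspects the raw bytes with regular expressions only, the sample PDFs are constructed inline, and the slack margin is an assumption.

```python
"""Pre-parse trailer sanity check for the missing-/Root, large-/Size pattern.
Added example, not pypdf's code: regex inspection of the raw bytes only."""
import re

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b")          # "N G obj" definitions
TRAILER_RE = re.compile(rb"trailer\s*<<(.*?)>>", re.S)  # classic trailer dictionaries
SIZE_RE = re.compile(rb"/Size\s+(\d+)")


def object_count(pdf: bytes) -> int:
    """Number of distinct object numbers defined in the file body."""
    return len({int(n) for n in OBJ_RE.findall(pdf)})


def check_trailer(pdf: bytes, slack: int = 16):
    """Return (verdict, reason); verdict is 'ok', 'reject' or 'unknown'.

    'unknown' is returned for files without a classic 'trailer' keyword
    (cross-reference streams, PDF 1.5+); they are left to the parser rather
    than rejected. slack is how far /Size may exceed the number of object
    definitions before the file is treated as suspicious (assumed margin).
    Heuristic only: the 'trailer' keyword could also occur inside stream data.
    """
    trailers = TRAILER_RE.findall(pdf)
    if not trailers:
        return "unknown", "no classic trailer dictionary"
    last = trailers[-1]                       # after incremental updates the last trailer wins
    if b"/Root" not in last:
        return "reject", "trailer has no /Root (no document catalog)"
    m = SIZE_RE.search(last)
    if not m:
        return "reject", "trailer has no /Size"
    size = int(m.group(1))
    defined = object_count(pdf)
    if size > defined + slack:
        return "reject", f"/Size {size} far exceeds {defined} object definitions"
    return "ok", f"/Root present, /Size {size} consistent with {defined} objects"


def make_pdf(trailer_entries: bytes) -> bytes:
    """Constructed minimal one-page PDF. The xref offset is deliberately wrong,
    which a non-strict parser tolerates; that is the mode the advisory concerns."""
    body = (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
            b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>\nendobj\n")
    return body + b"trailer\n<< " + trailer_entries + b" >>\nstartxref\n0\n%%EOF\n"


BENIGN_PDF = make_pdf(b"/Size 4 /Root 1 0 R")
MALICIOUS_PDF = make_pdf(b"/Size 99999999")              # no /Root, huge /Size
OVERSIZED_PDF = make_pdf(b"/Size 99999999 /Root 1 0 R")  # /Root present, /Size absurd
# Constructed PDF 1.5-style file: cross-reference stream, no 'trailer' keyword.
XREF_STREAM_PDF = (b"%PDF-1.5\n1 0 obj\n<< /Type /XRef /Size 2 >>\nstream\nendstream\nendobj\n"
                   b"startxref\n9\n%%EOF\n")

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_PDF), ("no root", MALICIOUS_PDF),
                        ("oversized", OVERSIZED_PDF), ("xref stream", XREF_STREAM_PDF)]:
        print(f"{label:12} {check_trailer(blob)}")
```

The gate is not a substitute for upgrading to 6.6.0: run the real parse under a wall-clock budget as well (a separate worker process with a timeout), and where the inputs are expected to be well-formed, pass strict=True to pypdf's PdfReader so it raises instead of attempting recovery.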
CVE-2026-22688 - WeKnora
CRITICAL | CVSS 9.9 | 2026-01-10 | entry updated 2026-01-22

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, a command injection vulnerability allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5.

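The fix class for the WeKnora command-injection entry is to never let a request choose the executable: clients pick a server-side registered MCP server by name, arguments are validated against a per-server pattern, and the child is spawned without a shell. This is an added example, not WeKnora's code (WeKnora is written in Go; the pattern is shown in Python here); the registry entries, paths, argument rules and function names are assumptions.

```python
"""Server-side validation of client-supplied MCP stdio settings.
Added example, not WeKnora's code; registry and rules are assumptions."""
import re
import subprocess

# Assumption: the operator registers launchable MCP servers. A request may only
# name one of them and pass arguments matching that server's pattern.
MCP_SERVER_REGISTRY = {
    "filesystem": {
        "command": "/opt/mcp/bin/mcp-server-filesystem",
        "arg_pattern": r"^/srv/data/[A-Za-z0-9_./-]+$",   # roots under the data share only
        "max_args": 4,
    },
    "sqlite": {
        "command": "/opt/mcp/bin/mcp-server-sqlite",
        "arg_pattern": r"^--db=[A-Za-z0-9_-]+\.db$",      # a database name, no paths
        "max_args": 1,
    },
}


class StdioConfigError(ValueError):
    pass


def build_stdio_argv(user_config: dict) -> list:
    """Translate a client-supplied stdio config into a fixed argv.

    Rejects a client-chosen command outright (the injected stdio_config.command
    of the advisory), validates each argument against the registry pattern,
    and refuses traversal sequences even when the pattern would allow them.
    """
    if "command" in user_config:
        raise StdioConfigError("clients may not choose the command; select a server by name")
    name = user_config.get("server")
    entry = MCP_SERVER_REGISTRY.get(name)
    if entry is None:
        raise StdioConfigError(f"unknown MCP server {name!r}")
    args = user_config.get("args", [])
    if not isinstance(args, list) or len(args) > entry["max_args"]:
        raise StdioConfigError("bad argument list")
    pattern = re.compile(entry["arg_pattern"])
    for arg in args:
        if not isinstance(arg, str) or not pattern.fullmatch(arg) or ".." in arg:
            raise StdioConfigError(f"argument rejected: {arg!r}")
    return [entry["command"], *args]


def is_rejected(user_config: dict) -> bool:
    """True if the config would be refused; handy for tests and audit scripts."""
    try:
        build_stdio_argv(user_config)
    except StdioConfigError:
        return True
    return False


def spawn_mcp_server(user_config: dict) -> subprocess.Popen:
    """Launch the validated server. shell=False hands argv straight to execve, so
    no shell ever parses metacharacters; a minimal env keeps parent secrets out."""
    argv = build_stdio_argv(user_config)
    return subprocess.Popen(argv, shell=False, env={"PATH": "/usr/bin:/bin"},
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE)


if __name__ == "__main__":
    for cfg in [{"server": "filesystem", "args": ["/srv/data/docs"]},
                {"command": "/bin/sh", "args": ["-c", "id"]},
                {"server": "sqlite", "args": ["--db=x.db; id"]}]:
        print(cfg, "->", "rejected" if is_rejected(cfg) else build_stdio_argv(cfg))
```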
CVE-2026-22610 - Angular
HIGH | CVSS 8.5 | 2026-01-10 | entry updated 2026-02-23

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular's internal sanitization schema fails to recognize the href and xlink:href attributes of SVG elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.

CVE-2026-22687 - WeKnora
HIGH | CVSS 8.1 | 2026-01-10 | entry updated 2026-01-22

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt-based bypass techniques to evade query restrictions and obtain sensitive information from the target server and database. This issue has been patched in version 0.2.5.

CVE-2026-22589 - Spree
HIGH | CVSS 7.5 | 2026-01-10 | entry updated 2026-01-22

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Insecure Direct Object Reference (IDOR) vulnerability allows an unauthenticated attacker to access guest address information without supplying valid credentials or session cookies. This issue has been patched in versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5.

CVE-2025-13457 - WooCommerce Square
HIGH | CVSS 7.5 | 2026-01-10 | entry updated 2026-01-13

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.1.1 via the get_token_by_id function, due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Square "ccof" (credit card on file) values and use them to potentially make fraudulent charges on the target site.

CVE-2026-22595 - Ghost
HIGH | CVSS 8.1 | 2026-01-10 | entry updated 2026-01-15

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0.

CVE-2026-22594 - Ghost
HIGH | CVSS 8.1 | 2026-01-10 | entry updated 2026-01-15

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.

CVE-2026-22596 - Ghost
MEDIUM | CVSS 6.7 | 2026-01-10 | entry updated 2026-01-15

Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0.

CVE-2026-22597 - Ghost
LOW | CVSS 2.0 | 2026-01-10 | entry updated 2026-01-15

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0.

CVE-2026-22030 - React Router
MEDIUM | CVSS 6.5 | 2026-01-10 | entry updated 2026-02-05

React Router is a router for React. In @remix-run/server-runtime versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, React Router (or Remix v2) is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. There is no impact if Declarative Mode or Data Mode (createBrowserRouter) is being used. This issue has been patched in @remix-run/server-runtime version 2.17.3 and react-router version 7.12.0.

CVE-2026-21884 - React Router
HIGH | CVSS 8.2 | 2026-01-10 | entry updated 2026-01-30

React Router is a router for React. In @remix-run/react versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, an XSS vulnerability exists in React Router's API in Framework Mode when using the getKey/storageKey props during server-side rendering, which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. There is no impact if server-side rendering in Framework Mode is disabled, or if Declarative Mode or Data Mode (createBrowserRouter) is being used. This issue has been patched in @remix-run/react version 2.17.3 and react-router…

CVE-2026-22029 - React Router
HIGH | CVSS 8.0 | 2026-01-10 | entry updated 2026-02-10

React Router is a router for React. In @remix-run/router versions prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended JavaScript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode is being used. This issue has been patched in…

CVE-2026-22612 - Fickling
HIGH | CVSS 8.9 | 2026-01-10 | entry updated 2026-01-16

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7.

CVE-2026-22609 - Fickling
HIGH | CVSS 8.9 | 2026-01-10 | entry updated 2026-01-16

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected as unsafe, allowing attackers to bypass Fickling's primary static safety checks. This issue has been patched in version 0.1.7.

CVE-2026-22608 - Fickling
HIGH | CVSS 8.9 | 2026-01-10 | entry updated 2026-01-16

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both the ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools (like picklescan) do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still reports the file as LIKELY_SAFE. This issue has been patched in version 0.1.7.

CVE-2026-22607 - Fickling
HIGH | CVSS 8.9 | 2026-01-10 | entry updated 2026-01-16

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling's output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. This issue has been patched in…

CVE-2026-22606 - Fickling
HIGH | CVSS 8.9 | 2026-01-10 | entry updated 2026-01-16

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path() or runpy.run_module() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling's output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. This issue has been…

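The five Fickling entries above (CVE-2026-22612 through CVE-2026-22606) describe one failure mode: a denylist of "unsafe" modules that does not contain every module able to run code, so a pickle importing runpy, cProfile, ctypes, pydoc or a dangerous builtins attribute lands in SUSPICIOUS or LIKELY_SAFE. The following added example, which is not Fickling's code, walks pickle opcodes with the standard library's pickletools to list what a pickle would import without ever loading it, shows a naive denylist missing the gadgets while an extended one catches them, and contrasts both with a fail-closed allowlist. The denylists, verdict labels, allowlist and sample pickles are constructed here for illustration.

```python
"""Static pickle import scan illustrating the denylist gaps in the Fickling entries.
Added example, not Fickling's code. Nothing here ever unpickles the samples."""
import pickle
import pickletools
import runpy  # imported only so pickle can serialise a *reference* to runpy.run_path

ALL = None  # sentinel: every attribute of the module is treated as unsafe

# Illustrative denylist with the gaps the advisories describe (assumption: not Fickling's real list).
NAIVE_UNSAFE = {"os": ALL, "subprocess": ALL, "sys": ALL, "posix": ALL, "nt": ALL}

# Same list with the missed modules and the dangerous builtins attributes added.
EXTENDED_UNSAFE = dict(NAIVE_UNSAFE, **{
    "runpy": ALL, "cProfile": ALL, "profile": ALL, "ctypes": ALL, "pydoc": ALL,
    "importlib": ALL, "code": ALL, "pty": ALL, "timeit": ALL,
    "builtins": {"eval", "exec", "compile", "__import__", "getattr", "open"},
})

# Allowlist for the stricter gate: anything not listed fails closed (assumed set).
ALLOWED_IMPORTS = {("builtins", "set"), ("builtins", "bytearray"),
                   ("collections", "OrderedDict"), ("datetime", "datetime")}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def imported_globals(data: bytes):
    """(module, name) pairs the pickle would import, found by an opcode walk only."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                 # protocols 0-3: arg is "module name"
            mod, name = arg.split(" ", 1)
            found.append((mod, name))
        elif op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "STACK_GLOBAL":         # protocol 4+: the two preceding string pushes
            found.append((strings[-2], strings[-1]))
    return found


def classify(data: bytes, unsafe: dict) -> str:
    """Denylist verdict in the style the advisories describe."""
    imports = imported_globals(data)
    for mod, name in imports:
        if mod in unsafe and (unsafe[mod] is ALL or name in unsafe[mod]):
            return "OVERTLY_MALICIOUS"
    return "SUSPICIOUS" if imports else "LIKELY_SAFE"


def classify_allowlist(data: bytes) -> str:
    """Fail-closed verdict: an unlisted gadget module is a rejection, not a bypass."""
    return "LIKELY_SAFE" if set(imported_globals(data)) <= ALLOWED_IMPORTS else "REJECTED"


# Constructed protocol-0 samples, hand-written as opcodes.
RUNPY_PROTO0 = b"crunpy\nrun_path\n(S'/tmp/dropped.py'\ntR."                   # runpy.run_path(...)
EVAL_PROTO0 = b"cbuiltins\neval\n(S'__import__(\"os\").system(\"id\")'\ntR."  # builtins.eval(...)


def runpy_pickle_proto4() -> bytes:
    """The same runpy gadget as pickle itself emits it, with STACK_GLOBAL (protocol 4)."""
    class Payload:
        def __reduce__(self):
            return (runpy.run_path, ("/tmp/dropped.py",))
    return pickle.dumps(Payload(), protocol=4)


def benign_pickle() -> bytes:
    """Constructed plain-data pickle with no imports at all."""
    return pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)


if __name__ == "__main__":
    for label, blob in [("runpy p0", RUNPY_PROTO0), ("eval p0", EVAL_PROTO0),
                        ("runpy p4", runpy_pickle_proto4()), ("benign", benign_pickle())]:
        print(f"{label:9} naive={classify(blob, NAIVE_UNSAFE):18} "
              f"extended={classify(blob, EXTENDED_UNSAFE):18} allowlist={classify_allowlist(blob)}")
```

The opcode walk is the right layer for this check because a pickle's imports are fixed by its GLOBAL/STACK_GLOBAL opcodes regardless of what the referenced callable does; the lesson of the entries is that a denylist over those imports is only as good as its last update, which is why the allowlist verdict is the one to gate on when the set of legitimate imports is known (model weights, for instance).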
CVE-2026-22604 - OpenProject
MEDIUM | CVSS 6.9 | 2026-01-10 | entry updated 2026-01-14

OpenProject is open-source, web-based project management software. For OpenProject versions from 11.2.1 to before 16.6.2, when sending a POST request to the /account/change_password endpoint with an arbitrary user ID as the password_change_user_id parameter, the resulting error page would show the username for the requested user. Since this endpoint is intended to be called without being authenticated, this allows an unauthenticated attacker to enumerate the user names of all accounts registered in an OpenProject instance. This issue has been patched in version 16.6.2.

CVE-2026-22603 - OpenProject
MEDIUM | CVSS 6.9 | 2026-01-10 | entry updated 2026-01-14

OpenProject is open-source, web-based project management software. Prior to version 16.6.2, OpenProject's unauthenticated password-change endpoint (/account/change_password) was not protected by the same brute-force safeguards that apply to the normal login form. In affected versions, an attacker who can guess or enumerate user IDs can send unlimited password-change requests for a given account without triggering lockout or other rate-limiting controls. This allows automated password-guessing (e.g., with wordlists of common passwords) against valid accounts. Successful guessing results in full account compromise for the targeted user and, depending on that user's role,…

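The two OpenProject entries above (CVE-2026-22604 and CVE-2026-22603) hit the same unauthenticated endpoint from two sides: the error page leaked the username of whatever user ID was supplied, and nothing limited how often the password could be guessed. The following added example, which is not OpenProject's code (OpenProject is a Rails application; the pattern is shown in Python), simulates a hardened handler: one generic failure message whether the ID exists or not, a constant-time password comparison, and sliding-window attempt limits keyed on both the target account and the source address, checked before any lookup. The user store, limits, status codes and injectable clock are assumptions.

```python
"""Hardened change-password handler: generic errors plus per-account and per-source
brute-force limits. Added example, not OpenProject's code."""
import hmac
import time
from collections import defaultdict

# Constructed sample accounts: id -> [username, password]. A real store holds salted
# password hashes; plaintext is used only to keep the example self-contained.
USERS = {
    1: ["admin", "correct horse battery staple"],
    2: ["alice", "Winter2026!"],
}

# One message for every failure path, so a wrong id and a wrong password look the same.
GENERIC_ERROR = "Password change failed."
LOCKED = "Too many attempts; try again later."


class ChangePasswordGuard:
    def __init__(self, max_attempts=5, window=900, now=time.time):
        self.max_attempts = max_attempts
        self.window = window                # seconds a failed attempt counts against a key
        self.now = now                      # injectable clock (assumption; real code uses time.time)
        self.failures = defaultdict(list)   # "ip:..." / "user:..." -> failure timestamps

    def _recent_failures(self, key):
        cutoff = self.now() - self.window
        self.failures[key] = [t for t in self.failures[key] if t > cutoff]
        return self.failures[key]

    def is_locked(self, key) -> bool:
        return len(self._recent_failures(key)) >= self.max_attempts

    def handle(self, source_ip, user_id, current_password, new_password):
        """Simulated POST /account/change_password. Returns (http_status, message)."""
        keys = (f"ip:{source_ip}", f"user:{user_id}")
        # Rate check first: a locked key costs no lookup and no password comparison.
        if any(self.is_locked(k) for k in keys):
            return 429, LOCKED
        record = USERS.get(user_id)
        ok = record is not None and hmac.compare_digest(
            record[1].encode(), current_password.encode())
        if not ok:
            stamp = self.now()
            for k in keys:
                self.failures[k].append(stamp)
            return 400, GENERIC_ERROR       # no username, no hint whether user_id exists
        record[1] = new_password
        return 200, "Password changed."


if __name__ == "__main__":
    guard = ChangePasswordGuard(max_attempts=3, window=60)
    for attempt in range(4):               # wordlist-style guessing against user 2
        print(guard.handle("203.0.113.7", 2, f"guess{attempt}", "new-password"))
    print(guard.handle("203.0.113.7", 999, "anything", "x"))   # unknown id, same message
```

Keying on the target account as well as the source address matters because the attack the entry describes is distributed easily across addresses; keying on the account alone would let an attacker lock legitimate users out, which is why both keys are used and why the failure window is short.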