Kai Aizen

8 exploits Active since Oct 2025
CVE-2026-31899 GITHUB HIGH python WRITEUP
CairoSVG < 2.9.0 - Denial of Service via Recursive <use> Element Amplification
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive <use> element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input.
10 stars
CVSS 7.5
CVE-2026-3288 GITHUB HIGH python WRITEUP
ingress-nginx < 1.13.8, < 1.14.4, < 1.15.0 - Remote Code Execution via Rewrite Target Annotation Injection
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
10 stars
CVSS 8.8
CVE-2025-11171 NOMISEC MEDIUM WRITEUP
Chartify - WordPress Chart Plugin <3.5.9 - Auth Bypass
The Chartify – WordPress Chart Plugin for WordPress is vulnerable to Missing Authentication for Critical Function in all versions up to, and including, 3.5.9. This is due to the plugin registering an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter, without any nonce or capability checks. This makes it possible for unauthenticated attackers to execute administrative functions via the wp-admin/admin-ajax.php endpoint granted they can identify callable method names.
CVSS 5.3
CVE-2026-31899 NOMISEC HIGH WRITEUP
CairoSVG < 2.9.0 - Denial of Service via Recursive <use> Element Amplification
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive <use> element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input.
CVSS 7.5
CVE-2026-3288 NOMISEC HIGH WRITEUP
ingress-nginx < 1.13.8, < 1.14.4, < 1.15.0 - Remote Code Execution via Rewrite Target Annotation Injection
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVSS 8.8
CVE-2026-1208 NOMISEC MEDIUM WORKING POC
Friendly Functions for Welcart <= 1.2.5 - Cross-Site Request Forgery via Settings Page
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS 4.3
CVE-2025-12163 NOMISEC MEDIUM WRITEUP
Omnipress <= 1.6.5 - Authenticated Stored Cross-Site Scripting via SVG File Upload
The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
CVSS 6.4
CVE-2025-12030 NOMISEC MEDIUM WORKING POC
ACF to REST API <3.3.4 - Insecure Direct Object Reference
The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the update_item_permissions_check() method, which only verifies that the current user has the edit_posts capability without checking object-specific permissions (e.g., edit_post($id), edit_user($id), manage_options). This makes it possible for authenticated attackers, with Contributor-level access and above, to modify ACF fields on posts they do not own, any user account, comments, taxonomy terms, and even the global options page via the /wp-json/acf/v3/{type}/{id} endpoints, granted they can authenticate to the site.
CVSS 4.3