187 matches found
PT-2025-27571 · Restdb · Codehooks-Mcp-Server
Name of the Vulnerable Software and Affected Versions: RestDB's Codehooks.io MCP Server versions prior to 0.2.2 Description: The issue is related to a command injection vulnerability in the MCP Server tools definition and implementation. This could result in a user-initiated remote command...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the library in a web application...
Process Sync 资源管理错误漏洞
Process Sync is an application for multi-process environments by Andrei Odintsov, a personal developer. A resource management error vulnerability exists in Process Sync version 0.2.2, which stems from a missing pthreadmutex unlock check...
CVE-2023-33665
ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
CVE-2022-36152
tifig v0.2.2 was discovered to contain a memory leak via operator new at /asan/asannewdelete.cpp...
CVE-2025-26919
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tainacan Tainá taina allows Stored XSS.This issue affects Tainá: from n/a through 0.2.5...
CVE-2025-26919 WordPress Tainá plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tainacan Tainá taina allows Stored XSS.This issue affects Tainá: from n/a through 0.2.5...
autoxx (>=0.0.11 <=0.0.13), vuln-demo-math-ops (=1.0.0) potentially affected by CVE-2025-31490 via agpt (=0.2.2)
agpt PYPI version =0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on agpt and may be impacted: - autoxx =0.0.11, =0.0.13 - vuln-demo-math-ops =1.0.0 Source cves: CVE-2025-31490 Source advisory: SNYK:PYTHON-AGPT-9802320...
CVE-2025-32494
Cross-Site Request Forgery CSRF vulnerability in bozdoz reCAPTCHA Jetpack recaptcha-jetpack allows Cross Site Request Forgery.This issue affects reCAPTCHA Jetpack: from n/a through = 0.2.2...
WordPress plugin reCAPTCHA Jetpack 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress Tainá plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Theme Tainá versions 0.2.5...
agentverse (=0.1.8.1), airoboros (=2.1.1) +35 more potentially affected by CVE-2024-11603 via fschat (>=0.2.2 <=0.2.36)
fschat PYPI version =0.2.2, =0.3.0, =0.0.1, =1.1.0, =0.1.1, =0.1.1, =0.9.0.8, =0.1.1, =0.1.8 and more Source cves: CVE-2024-11603 Source advisory: SNYK:PYTHON-FSCHAT-9553181...
agentverse (=0.1.8.1), airoboros (=2.1.1) +35 more potentially affected by CVE-2024-10907 via fschat (>=0.2.2 <=0.2.36)
fschat PYPI version =0.2.2, =0.3.0, =0.0.1, =1.1.0, =0.1.1, =0.1.1, =0.9.0.8, =0.1.1, =0.1.8 and more Source cves: CVE-2024-10907 Source advisory: OSV:GHSA-QG86-F892-M4HJ...
ComfyUI 跨站请求伪造漏洞
ComfyUI is one of the most powerful and modular diffusion model GUIs and backends from comfyanonymous individual developers. A cross-site request forgery vulnerability exists in ComfyUI v0.2.2 and prior versions, which stems from insufficient CSRF protection and could lead to unauthorized API...
PT-2025-7447 · Unknown · White-Jotter
Name of the Vulnerable Software and Affected Versions: White-Jotter version 0.2.2 Description: An issue in the shiroFilter function allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL. Recommendations: Update to a newer version of White-Jotter that...
CVE-2024-57176
An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL...
WordPress plugin Graceful Email Obfuscation 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
CVE-2025-22338
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lichwang WP-tagMaker tagmaker allows Reflected XSS.This issue affects WP-tagMaker: from n/a through = 0.2.2...
CVE-2024-38525
dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...
CVE-2024-49609
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brandon White Author Discussion author-discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through = 0.2.2...