
301 matches found

ATTACKERKB
added 2026/05/23 6:30 p.m., 9 views

CVE-2018-25351

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

CVSS 8.8, AI score 6.2, EPSS 0.0009
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2026/05/23 6:30 p.m., 10 views

CVE-2018-25351 Joomla! Component EkRishta 2.10 SQL Injection via username

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

CVSS 8.8, AI score 6.2, EPSS 0.0009
Exploits: 0, References: 4

Cvelist
added 2026/05/04 5:6 p.m., 22 views

CVE-2026-42052 beets is Vulnerable to XSS

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

CVSS 6, EPSS 0.00062
Exploits: 0, References: 2

Cvelist
added 2026/05/04 12:0 a.m., 31 views

CVE-2026-38751

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

EPSS 0.00051
Exploits: 1, References: 2

NVD
added 2026/04/29 8:16 p.m., 1 views

CVE-2018-25310

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...

CVSS 5.3, EPSS 0.00043
Exploits: 0, References: 4

ATTACKERKB
added 2026/04/02 12:58 p.m., 4 views

CVE-2026-34890

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS. This issue affects MSTW League Manager: from n/a through 2.10...

CVSS 6.5, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 2

EUVD
added 2026/03/25 9:30 p.m., 0 views

EUVD-2025-209012

An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component...

AI score 5.8, EPSS 0.0014
Exploits: 0, References: 4

NVD
added 2026/03/25 8:16 p.m., 0 views

CVE-2025-70888

An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component...

CVSS 9.8, EPSS 0.0014
Exploits: 0, References: 3

Cvelist
added 2026/03/25 12:0 a.m., 18 views

CVE-2025-70888

An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component...

EPSS 0.0014
Exploits: 0, References: 3

UbuntuCve
added 2026/03/07 5:15 p.m., 1 views

CVE-2026-30851

Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forwardauth copyheaders does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...

CVSS 8.8, AI score 7, EPSS 0.00023
Exploits: 1, References: 5

ATTACKERKB
added 2026/03/07 4:28 p.m., 0 views

CVE-2026-30851

Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forwardauth copyheaders does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...

CVSS 8.1, AI score 5.7, EPSS 0.00023
Exploits: 1, References: 5, Affected Software: 1

Positive Technologies
added 2026/02/16 12:0 a.m., 2 views

PT-2026-8386

Maypole versions from 2.10 through 2.13 for Perl generate session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...

AI score 5.5, EPSS 0.00059
Exploits: 0, References: 2

Cvelist
added 2026/02/06 7:32 p.m., 27 views

CVE-2026-2064 Portabilis i-Educar User Data meusdadod.php cross site scripting

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...

CVSS 5.1, EPSS 0.00036
Exploits: 1, References: 4

Snyk
added 2026/02/06 6:23 p.m., 3 views

SQL Injection

Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the term parameter in the global search functionality. An attacker can extract sensitive database contents, including...

CVSS 8.8, AI score 6.1, EPSS 0.00013
Exploits: 3, References: 2

Snyk
added 2026/02/04 6:48 p.m., 2 views

SQL Injection

Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the stampe auth module. An attacker can execute arbitrary SQL commands by supplying crafted input to database queries...

CVSS 8.8, AI score 6.2, EPSS 0.00043
Exploits: 3, References: 2

Positive Technologies
added 2025/12/24 12:0 a.m., 1 views

PT-2025-53341

Name of the Vulnerable Software and Affected Versions: VideoFlow Digital Video Protection DVP version 2.10. Description: The software contains an authenticated remote code execution issue that enables attackers to execute system commands with root privileges. Exploitation occurs through a cross-site...

CVSS 8.7, AI score 7.9, EPSS 0.00088
Exploits: 1, References: 5

Positive Technologies
added 2025/12/24 12:0 a.m., 1 views

PT-2025-53342

Name of the Vulnerable Software and Affected Versions: VideoFlow Digital Video Protection DVP version 2.10. Description: The software contains a directory traversal issue that allows attackers to access arbitrary system files. This is possible due to unvalidated ID parameters. Attackers can exploit...

CVSS 7.1, AI score 6.6, EPSS 0.00362
Exploits: 1, References: 5

Patchstack
added 2025/12/13 2:39 a.m., 3 views

WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Unauthenticated HTML Injection vulnerability

Unauthenticated HTML Injection vulnerability discovered by pimschaaf - Open Roads in WordPress Plugin TI WooCommerce Wishlist versions <= 2.10.0...

CVSS 5.3, AI score 6.9, EPSS 0.00259
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2025/10/27 4:37 a.m., 3 views

WordPress Web Accessibility By accessiBe plugin <= 2.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Web Accessibility By accessiBe versions <= 2.10...

CVSS 5.4, AI score 6.8, EPSS 0.00052
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/10/23 3:14 p.m., 1 views

CVE-2025-49920

Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10...

CVSS 5.4, AI score 7, EPSS 0.00052
Exploits: 0, References: 1