
51 matches found

OSV
added 2026/05/05 12:00 a.m. · 2 views

UBUNTU-CVE-2026-42798

Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...

4 CVSS · 5.8 AI score · 0.00017 EPSS
Exploits: 0 · References: 3

NVD
added 2026/04/30 7:16 a.m. · 1 view

CVE-2026-42798

Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...

4 CVSS · 0.00017 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2026/02/20 3:46 p.m. · 2 views

CVE-2025-69297 WordPress Aardvark Plugin plugin <= 2.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aardvark Plugin: from n/a through <= 2.19...

7.5 CVSS · 5.4 AI score · 0.00042 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2026/02/20 12:00 a.m. · 4 views

PT-2026-21125

Name of the Vulnerable Software and Affected Versions: GhostPool Aardvark Plugin aardvark-plugin versions through 2.19 Description: An authorization issue exists in the GhostPool Aardvark Plugin. The issue involves incorrectly configured access control security levels, potentially allowing...

5.4 AI score · 0.00042 EPSS
Exploits: 0 · References: 3

Patchstack
added 2026/01/27 6:47 a.m. · 4 views

WordPress Aardvark Plugin plugin <= 2.19 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Aardvark Plugin versions <= 2.19...

7.5 CVSS · 5.9 AI score · 0.00042 EPSS
Exploits: 0 · Affected Software: 1

CNNVD
added 2026/01/23 12:00 a.m. · 2 views

Typemill security vulnerabilities

Typemill is a lightweight flat-file CMS developed by Typemill OpenSource, designed for micro-publishers. Versions of Typemill 2.19.1 and earlier contained security vulnerabilities. These vulnerabilities were caused by missing context encoding in the username field of the login view template, whic...

6.1 CVSS · 5.7 AI score · 0.00107 EPSS
Exploits: 1 · References: 4

CNNVD
added 2025/12/05 12:00 a.m. · 1 view

WordPress plugin ARK Related Posts cross-site request forgery vulnerability

...

4.3 CVSS · 5.8 AI score · 0.00013 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2000-0887

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.01189 EPSS
Exploits: 1 · References: 5

EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-25346

Malicious code in bioql PyPI...

8.6 CVSS · 6.6 AI score · 0.00106 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/08/22 12:22 a.m. · 10 views

CVE-2025-28041

Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication...

8.6 CVSS · 7.1 AI score · 0.00106 EPSS
Exploits: 1 · References: 1

CVE
added 2025/08/20 12:00 a.m. · 15 views

CVE-2025-28041

The CVE-2025-28041 entry concerns iTranswarp (CMS) versions up to 2.19 with a root cause of incorrect access control in the doFilter function. This allows unauthenticated actors to access sensitive components. Public reports from multiple sources (including Red Hat and CNNVD) confirm the same des...

8.6 CVSS · 7 AI score · 0.00106 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Tenable Nessus
added 2025/08/20 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-45160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty...

9.1 CVSS · 5.8 AI score · 0.00121 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/02/14 12:24 a.m. · 4 views

CVE-2024-54160

dashboards-reporting aka Dashboards Reports before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer...

6.4 CVSS · 6 AI score · 0.04666 EPSS
Exploits: 2 · References: 1

OSV
added 2025/02/12 3:15 p.m. · 3 views

CVE-2024-54160

dashboards-reporting aka Dashboards Reports before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer...

6.4 CVSS · 6 AI score · 0.04666 EPSS
Exploits: 2 · References: 5

CNNVD
added 2024/10/09 12:00 a.m. · 2 views

LemonLDAP::NG security vulnerability

LemonLDAP::NG is a web single sign-on and access management suite from the LemonLDAP::NG open-source project. A security vulnerability exists in LemonLDAP::NG versions 2.18.x and 2.19.x prior to 2.19.2, which stems from incorrect credential validation, allowing an attacker to bypass...

9.1 CVSS · 6.6 AI score · 0.00121 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2024/09/04 12:00 a.m. · 3 views

PT-2024-31405 · Jinja2 +1

Name of the Vulnerable Software and Affected Versions: Fides versions 2.19.0 through 2.43.x Description: The Email Templating feature in Fides uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

9.1 CVSS · 8.8 AI score · 0.02285 EPSS
Exploits: 1 · References: 11

OSV
added 2024/03/06 10:52 a.m. · 50 views

BIT-GIT-2020-5260 malicious URLs may cause Git to present stored credentials to the wrong server

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...

9.3 CVSS · 7.3 AI score · 0.373 EPSS
Exploits: 2 · References: 20

Prion
added 2023/02/20 5:15 p.m. · 9 views

Cross site scripting

A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphrpostduplicatornotice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is...

5.8 CVSS · 6.5 AI score · 0.00353 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2022/04/12 12:00 a.m. · 2 views

PT-2022-19376 · Jenkins · Jenkins Cas Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CVS Plugin versions 2.19 and earlier Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the name and description of CVS Symbolic Name parameters on views displaying parameters are no...

5.4 CVSS · 5.1 AI score · 0.00389 EPSS
Exploits: 0 · References: 6

CNVD
added 2020/11/09 12:00 a.m. · 1 view

CloudBees Jenkins Active Directory Plugin Authorization Issue Vulnerability (CNVD-2020-62249)

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Active Directory Plugin is used in one of th...

9.8 CVSS · 6.8 AI score · 0.00191 EPSS
Exploits: 0 · References: 1