432 matches found
CVE-2026-30955 Gokapi vulnerable to DoS in E2E Metadata Parser
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is...
CVE-2026-30943 Gokapi has Privilege Escalation in File Replace
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
CVE-2026-30943 Gokapi has Privilege Escalation in File Replace
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the buildStreamAuthOptions function. An attacker can access sensitive workflow execution data, configurations, logs, and queue status by sending unauthenticated requests to Server-Sent...
CVE-2026-32459 WordPress UpsellWP plugin <= 2.2.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through = 2.2.4...
CVE-2026-32459
The CVE describes an SQL Injection vulnerability (blind) in the WordPress UpsellWP plugin (checkout-upsell-and-order-bumps) affecting versions up to 2.2.4. Root cause: improper neutralization of special elements used in SQL commands. Impact stated as Blind SQL Injection, but no exploitation detai...
PT-2026-25303
🟠 CVE-2026-32459 - High Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue af... https://t.co/cgG00hiU3x https://t.co/E6pmdn1Kzn...
Gokapi 资源管理错误漏洞
Gokapi is a lightweight, self-hosted alternative to Firefox sending messages developed by Marc Bulling. Prior to version 2.2.4 of Gokapi, there was a resource management vulnerability. This vulnerability stemmed from the API endpoint accepting unlimited request bodies, which could potentially cau...
PT-2026-25358
Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.4 Description Gokapi is a self-hosted file sharing server. The chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public...
Gokapi 安全漏洞
Gokapi is a lightweight, self-hosted alternative to Firefox sending by Marc Bulling. Versions of Gokapi prior to 2.2.4 contained a security vulnerability, where the path for multipart uploads did not verify the total file size. This vulnerability could allow attackers to upload extremely large...
CVE-2020-37147
ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admindelete.php...
PT-2026-6821
Name of the Vulnerable Software and Affected Versions ATutor version 2.2.4 Description ATutor 2.2.4 has a SQL injection issue in the admin user deletion page. Authenticated attackers can manipulate database queries through the id parameter. Exploitation involves injecting malicious SQL code into...
CVE-2022-37265
Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js...
CVE-2022-37266
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js...
CVE-2022-37257
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js...
PT-2025-45267
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion.This issue affects Premmerce Product Search for WooCommerce: from n/a through ...
WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Smart Coupons for WooCommerce versions = 2.2.3...
CVE-2025-64289
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through = 2.2.5...
EUVD-2025-36606
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through = 2.2.4...
CVE-2025-64290
Cross-Site Request Forgery CSRF vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.This issue affects Premmerce Product Search for WooCommerce: from n/a through = 2.2.4...