1737 matches found
CVE-2026-41554
CVE-2026-41554 concerns WordPress Bricks Builder theme, affecting versions from n/a through 1.9.2 to 2.2. The issue is an Improper Neutralization of Input During Web Page Generation leading to a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerable component is the Bricks Builder the...
CVE-2026-41554 WordPress Bricks Builder theme 1.9.2-2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...
PT-2026-38436
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...
BIT-JAVA-MIN-2024-54534
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption...
Exploit for Deserialization of Untrusted Data in Apache Mina
CVE-2026-42779 — Apache MINA Deserialization Filter Bypass to...
GHSA-VF5J-865M-MQ7C Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix)
The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...
EUVD-2025-209603
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...
CVE-2026-38527
A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...
Webkul Krayin CRM 安全漏洞
Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an object-level authorization flaw in the /Settings/UserController.php...
Webkul Krayin CRM 安全漏洞
Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from the admin/tinymce/upload endpoint, where an authenticated arbitrary fi...
LoLLMs 安全漏洞
LoLLMs is a large language and multimodal system personally developed by Saifeddine ALOUI. Versions of LoLLMs prior to 2.2.0 contained a security vulnerability. This vulnerability stemmed from the createpost function not properly cleaning the content provided by users, which could lead to...
CVE-2025-39666
CVE-2025-39666 affects Checkmk in multiple versions: 2.2.0 (EOL), 2.3.0 before 2.3.0p46, 2.4.0 before 2.4.0p25, and 2.5.0 beta before 2.5.0b3. A site user can escalate to root by manipulating files in the site context that are processed when the omd command is run by root. This yields a local pri...
CVE-2026-25458
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...
CVE-2026-25452
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDO Remoji remoji allows Stored XSS.This issue affects Remoji: from n/a through = 2.2...
CVE-2026-25452 WordPress Remoji plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDO Remoji remoji allows Stored XSS.This issue affects Remoji: from n/a through = 2.2...
PT-2026-27954
Name of the Vulnerable Software and Affected Versions Select-Themes Moments versions n/a through 2.2 Description A flaw exists in the handling of file names within the include/require statements of a PHP program, specifically a PHP Local File Inclusion issue in Select-Themes Moments. This allows...
WordPress plugin Moments 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
ahwaz (=2.2.3), arkive (>=0.1.1 <=0.3.1) +46 more potentially affected by CVE-2026-32889 via tinytag (>=1.10.0 <=2.2.0)
tinytag PYPI version =1.10.0, =0.1.1, =7.8.2, =4.8.0, =0.0.20, =1.0.20, =0.0.4, =1.0.0, =1.9.0, =0.1.0, =0.0.1, =3.8.5, =1.1.0b12, =1.1.0b17 and more Source cves: CVE-2026-32889 Source advisory: OSV:GHSA-F4RQ-2259-HV29...
PT-2026-22095
The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2026-2620
A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. T...