
98 matches found

Patchstack
added 2026/04/14 11:37 a.m. · 2 views

WordPress WP Blog and Widget plugin <= 2.6.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP Blog and Widget versions <= 2.6.6...

5.8 AI score
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2026/04/08 5:10 a.m. · 1 view

CVE-2026-24913

MATCHA INVOICE versions 2.6.6 and earlier are affected by an SQL Injection vulnerability. The flaw allows an authenticated user to obtain or alter data stored in the database through exploitation of unsafely handled input in the application. The description does not specify exact vulnerable compo...

8.8 CVSS · 7.2 AI score · 0.0004 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2026/04/08 12:00 a.m. · 3 views

ICZ MATCHA INVOICE code issue vulnerability

ICZ MATCHA INVOICE is an invoice management system developed by the Japanese company ICZ. ICZ MATCHA INVOICE versions 2.6.6 and earlier contain code issue vulnerabilities. These stem from unrestricted upload of dangerous file types, which could allow administrators to create...

7.2 CVSS · 6.6 AI score · 0.00056 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2026/03/11 7:21 p.m. · 0 views

CVE-2026-31954 Emlog asynchronous media file deletion missing CSRF protection

Emlog is an open source website building system. In 2.6.6 and earlier, the deleteasync action (asynchronous delete) lacks a call to LoginAuth::checkToken, enabling CSRF attacks...

5.8 AI score · 0.00021 EPSS
Exploits: 1 · References: 1
Github Security Blog
added 2026/03/03 2:50 p.m. · 7 views

Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)

Impact: An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where a flaw in the authorization logic allows privilege escalation through cluster role template binding (CRTB) and project role template binding (PRTB). This issue does not affect the local cluster, it affects onl...

9.1 CVSS · 7 AI score · 0.00345 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
RedhatCVE
added 2026/02/14 1:27 a.m. · 2 views

CVE-2026-25768

LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should not have access to. This vulnerability is fixed in 2.6.6...

7.1 CVSS · 5.5 AI score · 0.00039 EPSS
Exploits: 0 · References: 1
NVD
added 2026/02/12 8:16 p.m. · 3 views

CVE-2026-25768

LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should not have access to. This vulnerability is fixed in 2.6.6...

7.1 CVSS · 0.00039 EPSS
Exploits: 0 · References: 3
CVE
added 2026/02/12 7:52 p.m. · 6 views

CVE-2026-25768

CVE-2026-25768 affects LavinMQ prior to 2.6.6, where an authenticated user could access broker metadata they should not access. The issue is an authorization flaw in the broker exposing sensitive metadata. The vulnerability is fixed in 2.6.6; affected deployments should upgrade to 2.6.6 or newer t...

7.1 CVSS · 5.5 AI score · 0.00039 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Tenable Nessus
added 2026/01/16 12:00 a.m. · 1 view

MiracleLinux 4 : python-2.6.6-52.0.1.AXS4 (AXSA:2014-069:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-069:01 advisory. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes,...

6.8 CVSS · 7.6 AI score · 0.01855 EPSS
Exploits: 5 · References: 2
EUVD
added 2025/11/06 6:32 p.m. · 1 view

EUVD-2025-38082

Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS (ays-chatgpt-assistant) allows Retrieve Embedded Sensitive Data. This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.6.6...

7.5 CVSS · 6.4 AI score · 0.02614 EPSS
Exploits: 0 · References: 2
Cvelist
added 2025/11/06 3:55 p.m. · 5 views

CVE-2025-62039 WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.6.6 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS (ays-chatgpt-assistant) allows Retrieve Embedded Sensitive Data. This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.6.6...

7.5 CVSS · 0.02614 EPSS
Exploits: 0 · References: 1
Patchstack
added 2025/10/11 5:36 p.m. · 5 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.6.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by n0arafatn0 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions <= 2.6.6...

7.5 CVSS · 7 AI score · 0.02614 EPSS
Exploits: 0 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-6779

Malware in sbrugna...

8.8 CVSS · 8.8 AI score · 0.00175 EPSS
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2023-40622

Malicious code in bioql PyPI...

7.1 CVSS · 8.6 AI score · 0.00356 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-0672

Malicious code in bioql PyPI...

9.8 CVSS · 9.3 AI score · 0.03405 EPSS
Exploits: 0 · References: 6
NVD
added 2025/07/10 10:15 p.m. · 4 views

CVE-2025-53637

Meshtastic is an open source mesh networking solution. The mainmatrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull request. In the shell code execution part,...

8 CVSS · 0.00227 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/23 2:29 a.m. · 1 view

CVE-2023-36679

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra. This issue affects Spectra: from n/a through 2.6.6...

7.1 CVSS · 8 AI score · 0.00356 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 8:26 p.m. · 0 views

CVE-2021-45457

In Apache Kylin, cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions...

7.5 CVSS · 5.3 AI score · 0.0084 EPSS
Exploits: 0 · References: 1
Patchstack
added 2025/01/31 8:33 a.m. · 1 view

WordPress Woo UPS Pickup plugin < 2.6.6 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin OPSI Israel Domestic Shipments versions < 2.6.6...

6.1 CVSS · 6.4 AI score · 0.00102 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2025/01/20 12:00 a.m. · 3 views

PT-2025-1615 · WordPress · String Locator

Name of the Vulnerable Software and Affected Versions: String Locator plugin for WordPress versions up to 2.6.6
Description: The String Locator plugin for WordPress is vulnerable to PHP Object Injection due to the deserialization of untrusted input in the recursive unserialize replace function...

8.8 CVSS · 7.6 AI score · 0.16462 EPSS
Exploits: 0 · References: 12