20 matches found
SUSE CVE-2026-22688
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...
CVE-2026-22688
creationtimestamp | type | source
---|---|---
2026-01-09 03:21:40+00:00 | published-proof-of-concept | https://github.com/Tencent/WeKnora/security/advisories/GHSA-78h3-63c4-5fqc
2026-01-10 05:00:55+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mc2a5gq6zn2t
2026-01-10...
CVE-2025-22688
Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars (unlimited-page-sidebars) allows Stored XSS. This issue affects Unlimited Page Sidebars: from n/a through <= 0.2.6...
CVE-2025-22688
Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars (unlimited-page-sidebars) allows Stored XSS. This issue affects Unlimited Page Sidebars: from n/a through <= 0.2.6...
CVE-2025-22688
creationtimestamp | type | source
---|---|---
2025-02-03 15:10:32+00:00 | seen | https://infosec.exchange/users/cve/statuses/113940590234458914
2025-02-03 15:16:40+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhbtklfy372f
2025-08-26 18:36:19+00:00 | seen | ...
CVE-2025-22688 WordPress Unlimited Page Sidebars plugin <= 0.2.6 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars allows Stored XSS. This issue affects Unlimited Page Sidebars: from n/a through 0.2.6...
CVE-2025-22688 WordPress Unlimited Page Sidebars plugin <= 0.2.6 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars (unlimited-page-sidebars) allows Stored XSS. This issue affects Unlimited Page Sidebars: from n/a through <= 0.2.6...
CVE-2025-22688
CVE-2025-22688 affects WordPress plugin Unlimited Page Sidebars (versions
Synology DiskStation Manager Improper Neutralization of Special Elements used in an OS Command (CVE-2022-22688)
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. This plugin only works wi...
CVE-2023-22688
creationtimestamp | type | source
---|---|---
2023-05-22 12:25:29+00:00 | seen | https://t.me/cibsecurity/64507...
CVE-2023-22688 WordPress WP Tabs Slides Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions...
CVE-2023-22688 WordPress WP Tabs Slides Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions...
CVE-2023-22688
The CVE-2023-22688 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Abdul Ibad WP Tabs Slides versions ≤ 2.0.3. The issue affects the plugin’s ability to perform actions on behalf of an authenticated user without proper authorization, with unauthenticated...
WordPress WP Tabs Slides Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Tabs Slides | Type: Plugin | Vulnerable versions: <= 2.0.3 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-22688 | Patch priority: Low | CVSS severity: Low (4.3) | Developer: Claim ownership | PSID: b0f151ab859e | Credits: Mika | Required privileg...
CVE-2022-22688
creationtimestamp | type | source
---|---|---
2022-03-25 11:30:28+00:00 | seen | https://t.me/cibsecurity/39527...
CVE-2022-22688
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
CVE-2022-22688
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
CVE-2022-22688
CVE-2022-22688 is a vulnerability in Synology DiskStation Manager (DSM) File service where improper neutralization of special command elements enables a remote authenticated user to execute arbitrary commands. Affected software: DSM versions prior to 6.2.4-25556-2. Root cause: inadequate filterin...
CVE-2022-22688
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
CVE-2021-22688
...