CVE-2026-22690

creationtimestamp| type| source ---|---|--- 2026-01-24 21:26:00+00:00| seen| https://gist.github.com/alon710/af7f1621d94bc4520e512228571073ac 2026-01-24 21:26:09+00:00| seen| https://gist.github.com/alon710/d0d64a6b47dd3930f853faaddb139d32 2026-01-24 22:41:32+00:00| seen|...

CVE-2026-22690

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

CVE-2026-22690 vulnerabilities

Vulnerabilities for packages: open-webui...

CVE-2026-22690 vulnerabilities

Vulnerabilities for packages: open-webui...

Linux Distros Unpatched Vulnerability : CVE-2026-22690

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size...

01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2529 more potentially affected by CVE-2026-22690 via pypdf (>=3.10.0 <=6.5.0)

pypdf PYPI version =3.10.0, =0.0.5, =0.1.0, =0.0.1, =0.4.1, =0.3.6, =0.2.5, =0.0.2, =0.2.0, =1.2.27, =0.1.0, =0.6.0, =1.2.32, =2.0.2 and more Source cves: CVE-2026-22690 Source advisory: OSV:GHSA-4XC4-762W-M6CG...

EUVD-2022-0686

Malicious code in bioql PyPI...

CVE-2023-22690

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Shopfiles Ltd Ebook Store plugin = 5.775 versions...

CVE-2025-22690

Cross-Site Request Forgery CSRF vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS.This issue affects DigiTimber cPanel Integration: from n/a through = 1.4.6...

CVE-2025-22690

creationtimestamp| type| source ---|---|--- 2025-02-03 15:10:32+00:00| seen| https://infosec.exchange/users/cve/statuses/113940590249503672 2025-02-03 15:16:43+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhbtknm4xa2h 2025-08-26 18:36:19+00:00| seen|...

CVE-2025-22690 WordPress DigiTimber cPanel Integration plugin <= 1.4.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS.This issue affects DigiTimber cPanel Integration: from n/a through = 1.4.6...

CVE-2025-22690

CVE-2025-22690 concerns DigiTimber cPanel Integration (WordPress plugin) vulnerable to Cross-Site Request Forgery (CSRF) that enables Stored XSS. Affected versions are 1.4.6 and earlier. The publicly disclosed metrics cite CVSS v3.1 base score 7.1 (HIGH) with network attack vector, low attack com...

CVE-2025-22690 WordPress DigiTimber cPanel Integration plugin <= 1.4.6 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS.This issue affects DigiTimber cPanel Integration: from n/a through = 1.4.6...

CVE-2023-22690

CVE-2023-22690 is a WordPress Ebook Store plugin vulnerability affecting versions ≤ 5.775. It is described as an authenticated (admin+) Stored Cross-Site Scripting (XSS) flaw. Public details in Patchstack indicate the issue has been fixed in version 5.78, addressing the XSS vector. The NVD entry ...

CVE-2021-22690

This CVE-2021-22690 entry is rejected/not used and does not represent an active vulnerability.

CVE-2021-22690

...

GHSA-R8PR-83CC-CCV7 Umbraco Persistent Password Reset Poison

The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset...

Umbraco Persistent Password Reset Poison

The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset...

CVE-2022-22690

creationtimestamp| type| source ---|---|--- 2022-01-18 20:25:07+00:00| seen| https://t.me/cibsecurity/35731 2022-01-18 20:25:08+00:00| seen| https://t.me/cibsecurity/35732...

CVE-2022-22690

Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" or just "ApplicationUrl" is used whenever application code needs to build a URL pointing back to the site. For example, when a user resets their password and the application builds a password reset URL or when the...