CVE-2026-32389

Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2...

CVE-2026-32389 WordPress NanoCare theme < 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2...

EUVD-2026-31753

Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2...

CVE-2026-5161

Improper link resolution before file access 'link following' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2...

WordPress Uppercase theme < 1.2.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Uppercase versions 1.2.2...

FileBrowser Quantum 安全漏洞

FileBrowser Quantum is a file manager developed by Graham Steffaniak. Versions of FileBrowser Quantum prior to 1.3.1-beta and 1.2.2-stable contained security vulnerabilities. These vulnerabilities stemmed from the fact that tokenized download URLs were still exposed through /public/api/share/info...

CVE-2021-41924

Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting XSS...

CVE-2025-10991 Root Access via UART

The attacker may obtain root access by connecting to the UART port and this vulnerability requires the attacker to have the physical access to the device. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907...

CVE-2025-10991

CVE-2025-10991 affects TP-Link TP-Link Tapo D230S1 (V1.20) prior to 1.2.2 Build 20250907. The issue enables a local attacker to obtain root access by connecting to the UART port, requiring physical access to the device. Impact is described as total on technical metrics, with high confidentiality,...

CVE-2025-10954

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...

CVE-2025-10954

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...

CVE-2025-10954

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...

CVE-2025-10954

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...

CVE-2025-10954

The CVE-2025-10954 entry concerns the Go package github.com/nyaruka/phonenumbers prior to version 1.2.2, where the phonenumbers.Parse() function may panic due to improper validation of input syntax, causing a runtime slice bounds error. Affected component: phonenumbers.Parse() in the library; roo...

Linux Distros Unpatched Vulnerability : CVE-2020-7598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload. CVE-2020-7598 Note that...

anything-llm 输入验证错误漏洞

anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. An input validation error vulnerability exists in versions prior to anything-llm 1.2.2, which stems from the presence of Prisma injection in the API endpoint /embed/:embedId/stream-chat, which allows an...

umbrelOS 跨站脚本漏洞

umbrelOS is an open source home server operating system from Umbrel. A security vulnerability exists in umbrelOS versions prior to 1.2.2, which stems from a reflective cross-site scripting vulnerability in use-auth.tsx, which can be triggered by an attacker specifying malicious redirection query...

WordPress plugin LetterPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Obsidian 安全漏洞

Obsidian is a knowledge base for native Markdown files from the Obsidian community. A security vulnerability exists in versions of Obsidian prior to 1.2.2 that stems from allowing unintended API calls via embedded web pages...

CVE-2023-0059 Youzify < 1.2.2 - Contributor+ Stored XSS

The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...