20 matches found
WordPress WooCommerce Product Filters plugin < 2.0.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin WooCommerce Product Filters versions 2.0.6...
CVE-2026-35047
Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise,...
CVE-2026-35164 Brave CMS Affected by Unrestricted File Upload via CKEditor Endpoint
Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...
CVE-2025-12760
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass. This issue affects Email TFA: from 0.0.0 before 2.0.6...
Drupal Email TFA allows Functionality Bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass. This issue affects Email TFA: from 0.0.0 before 2.0.6...
CVE-2025-12760 Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass. This issue affects Email TFA: from 0.0.0 before 2.0.6...
CVE-2025-64509 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups JavaScript...
Drupal Email TFA module < 2.0.6 - Authenticated Broken Access Control vulnerability
Authenticated Broken Access Control vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Email TFA versions 2.0.6...
EUVD-2018-0756
Malware in sbrugna...
EUVD-2021-11638
Malware in sbrugna...
CVE-2025-31681
Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6...
PT-2022-18122 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2.0.6. Description: When using tasks to read config files, there is a risk of database password disclosure. Recommendations: For versions prior to 2.0.6, upgrade to version 2.0.6 or higher...
WordPress Plus Addons for Elementor cross-site scripting vulnerability
WordPress Plugin is a WordPress open source application plugin. A cross-site scripting vulnerability exists in the WordPress plugin The Plus Addons for Elementor Page Builder Lite in versions prior to 2.0.6. An attacker can exploit this vulnerability to launch a cross-site scripting attack...
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2020-1904)
The remote host is missing an update for the Huawei EulerOS...
CVE-2018-16470
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size...
CVE-2018-16470
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size...
UBUNTU-CVE-2016-9583
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl function of jasper before 2.0.6 when processing crafted input...
jasper: integer overflows leading to out of bounds read in packet iterators in JPC decoder
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl function of jasper before 2.0.6 when processing crafted input...
CVE-2016-7179
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet...
Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements...