28 matches found
CVE-2026-41551
ROS# vulnerability CVE-2026-41551 affects all versions
CVE-2026-41551
A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...
n8n Security Vulnerability
n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in n8n versions 0.150.0 through prior to 2.2.2 that stems from an authentication bypass in the Stripe Trigger node, which could result in an unauthenticated party triggering a workflow...
CVE-2025-52936 Improper Link Resolution Before File Access vulnerability in yrutschle/sslh
Improper Link Resolution Before File Access 'Link Following' vulnerability in yrutschle sslh. This issue affects sslh: before 2.2.2...
CVE-2025-52936
CVE-2025-52936 affects the sslh package (yrutschle sslh) prior to 2.2.2. Debian’s DLA-4238-1 and related advisories disclose a link-following vulnerability and fix it in Debian 11 bullseye with package version 1.20-1+deb11u1. The vulnerability is described as an “Improper Link Resolution Before...
CVE-2023-1176
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2...
CVE-2025-47702
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting XSS. This issue affects oEmbed Providers: from 0.0.0 before 2.2.2...
Drupal oEmbed Providers Cross-Site Scripting Vulnerability
Drupal oEmbed Providers is a module plugin in the Drupal content management system from the Drupal community. A cross-site scripting vulnerability exists in Drupal oEmbed Providers versions prior to 2.2.2 that stems from improper input neutralization and could lead to a cross-site scripting attac...
mosparo Cross-Site Request Forgery Vulnerability
mosparo is modern spam protection. A cross-site request forgery vulnerability exists in mosparo versions prior to 2.2.2, which stems from a cross-site request forgery vulnerability in the logout feature...
Modoboa Cross-Site Scripting Vulnerability
modoboa is an email hosting and management platform for individual developers. A cross-site scripting vulnerability exists in modoboa versions prior to 2.2.2; it is present at https://demo.modoboa.org/user/profile/...
PT-2023-32263 · Modoboa · Modoboa
Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.2.2 Description: The issue is related to Cross-site Scripting XSS - DOM, which allows an attacker to execute malicious scripts in the browser of a user. This can lead to unauthorized actions being taken on...
CVE-2023-3291
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2...
GPAC Buffer Error Vulnerability
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC versions prior to 2.2.2 that stems from the presence of a heap-based buffer overflow vulnerability...
PT-2023-6576 · WordPress · Aajoda Testimonials
Name of the Vulnerable Software and Affected Versions: Aajoda Testimonials WordPress plugin versions prior to 2.2.2 Description: The issue is related to the lack of sanitization and escaping of some settings in the Aajoda Testimonials WordPress plugin, which could allow high-privilege users, such...
CVE-2023-3012
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2...
CVE-2023-3013
Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2...
PT-2023-16800 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 2.2.2 Description: The issue is related to an Absolute Path Traversal in the GitHub repository mlflow/mlflow. Recommendations: For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue...
Gotify Cross-Site Scripting Vulnerability
Gotify is a simple server to send and receive messages. A cross-site scripting vulnerability exists in Gotify server versions prior to 2.2.2, which stems from an XSS vulnerability that allows an authenticated user to upload an html file, which allows an attacker to execute client-side script and...
Cockpit Authorization Issue Vulnerability
Cockpit is an interactive server management interface. An authorization issue vulnerability exists in versions of Cockpit prior to 2.2.2, which stems from a bypass of the authentication mechanism...
CVE-2022-27619
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors...