15 matches found
CVE-2026-44545
CVE-2026-44545 affects daphne prior to 4.2.2, where maxFramePayloadSize and maxMessagePayloadSize were not passed to Autobahn’s WebSocketServerFactory. Autobahn defaults these values to 0 (unlimited), enabling an unauthenticated remote attacker to send arbitrarily large WebSocket messages or fram...
EUVD-2026-12812
Missing Authorization vulnerability in WebberZone Contextual Related Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contextual Related Posts: from n/a before 4.2.2...
CVE-2026-32565
Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contextual Related Posts: from n/a through 4.2.2...
CVE-2026-32565
CVE-2026-32565 concerns the WordPress plugin Contextual Related Posts (versions before 4.2.2). The issue is a Missing Authorization vulnerability arising from broken access control, allowing exploitation under unauthenticated conditions (per CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N; base score 5...
CVE-2026-32565
Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contextual Related Posts: from n/a through 4.2.2...
CVE-2025-6676
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS). This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2...
CVE-2021-28962
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands...
Stormshield Network Security Command Injection Vulnerability
Stormshield Network Security is a next-generation UTM (Unified Threat Management) firewall from the French company Stormshield. A command injection vulnerability exists in Stormshield Network Security because the product does not effectively restrict command line input data. The vulnerability can b...
Ampache SQL Injection Vulnerability
Ampache is a web-based audio/video application and file manager. An SQL injection vulnerability exists in versions prior to Ampache 4.2.2 that allows unauthenticated users to perform SQL injection...
CVE-2018-4090
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a...
CVE-2016-1213
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites...
CVE-2016-1220
Cybozu Garoon before 4.2.2 does not properly restrict access...
CVE-2016-1217
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2...
CVE-2016-1219
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use...
CVE-2016-6195
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016...