19 matches found
CVE-2026-34896
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maintenance Mode allows Cross Site Request Forgery. This issue affects Under Construction, Coming Soon & Maintenance Mode: from n/a through 2.1.1...
EUVD-2026-33250
The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1. This is due to insufficient output escaping on the post author's nickname in the statcounter_addToTags function. The function is hooked to wp_head...
WordPress CC Child Pages plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CC Child Pages versions <= 2.1.1...
GHSA-3H63-FX68-X5FM omec-project amf crashes when processing malformed LocationReports
A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called...
EUVD-2026-20156
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection. This issue affects Amelia: from n/a through <= 2.1.1...
EUVD-2026-10427
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...
Azure Linux 3.0 Security Update: python-waitress (CVE-2022-24761)
The version of python-waitress installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24761 advisory. - Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions...
AZL-73066 CVE-2025-68345 affecting package kernel for versions less than 6.6.121.1-1
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi. The acpi_get_first_physical_node function can return NULL, in which case the get_device function also returns NULL, but this value is then dereferenced without...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the JCE Cipher.doFinal function in org/bouncycastle/jcajce/provider/BaseCipher when the same byte array is used for both input and output during native encrypt or decrypt operations. An attacker can cause data...
CVE-2025-8963
A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely...
bumsys Cross-Site Request Forgery Vulnerability
bumsys is an open source project called Business Management System by the individual developers of unilogies. A cross-site request forgery vulnerability exists in versions of unilogies/bumsys prior to 2.1.1, which stems from the presence of cross-site request forgery...
WordPress plugin Ocean Extra Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2023-24381
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions...
SUSE CVE-2018-16477
A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...
AZL-7098 CVE-2021-45486 affecting package kernel for versions less than 5.15.2.1-1
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small...
IBM Security Privileged Identity Manager Path Traversal Vulnerability
IBM Security Privileged Identity Manager ISPIM is an identity management product within the IBM Identity Governance and Management solution from IBM in the United States. The product is designed to protect, automate and audit the use of privileged identities to help defend against insider threats...
Apache CouchDB Elevation of Privilege Vulnerability
Apache CouchDB is a free, open source, document-oriented NoSQL database from the Apache Software Foundation in the United States. It uses JSON as its storage format, JavaScript as its query language, and MapReduce and HTTP as its API. An elevation of privilege vulnerability exists ...
Unspecified Vulnerability in Oracle Fusion Middleware Business GlassFish Server
Oracle Fusion Middleware is a comprehensive middleware portfolio of SOA and middleware products. A security vulnerability exists in Oracle Fusion Middleware versions 2.1.1, 3.0.1, GlassFish Server component, which can be exploited by remote attackers to compromise confidentiality...