CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

GHSA-32PX-CCFX-CXQ3 Krayin CRM allows a remote attacker to execute arbitrary code via compose email function

An issue in Krayin CRM v.2.1.5, which was fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

RockyLinux 9 : python3.11 (RLSA-2026:4216)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:4216 advisory. cpython: IMAP command injection in user-controlled commands CVE-2025-15366 cpython: POP3 command injection in user-controlled commands CVE-2025-15367...

CVE-2025-67163

A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...

CVE-2025-65084

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code...

CVE-2025-49889 WordPress Custom Comment plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in imaprogrammer Custom Comment allows Stored XSS. This issue affects Custom Comment: from n/a through 2.1.6...

WordPress Blocksy Theme <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Blocksy Type Theme Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-55713 Patch priority Low CVSS severity Low 5.9 Developer Creative Themes PSID 05f50ffb9258 Credits savphill Required privilege Shop manager...

redis:6 security update

6.2.18-1.0.1 - Build with 64k pages to support redis on both UEK6 and UEK7 on aarch64 6.2.18-1 - rebase to 6.2.18 for CVE-2025-21605...

SunGrow iSolarCloud 安全漏洞

SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in the SunGrow iSolarCloud Android app version...

PT-2024-24404 · Unknown · Wp Mail Catcher

Name of the Vulnerable Software and Affected Versions: WP Mail Catcher versions through 2.1.6 Description: A Cross-Site Request Forgery CSRF issue affects James Ward WP Mail Catcher. This allows an attacker to perform unintended actions on a user's account. Recommendations: For WP Mail Catcher...

PT-2023-31691 · WordPress · Wp Crowdfunding

Name of the Vulnerable Software and Affected Versions: WP Crowdfunding versions through 2.1.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...

CVE-2023-34025

Cross-Site Request Forgery CSRF vulnerability in LWS LWS Hide Login plugin = 2.1.6 versions...

CVE-2023-5357 Instagram for WordPress <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

SUSE CVE-2011-0466

The API in SUSE openSUSE Build Service OBS 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a 1 package or 2 project via unspecified vectors...

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-29216 via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-29216 Source advisory: OSV:GHSA-75C9-JRH4-79MC...

0726react (=0.1.1), 0x0range-homebridge-homeassistant (>=1.0.0 <=1.0.1) +8947 more potentially affected by CVE-2022-1650 via eventsource (>=0.0.10 <=1.1.0)

eventsource NPM version =0.0.10, =1.0.0, =1.0.4, =1.0.0, =0.0.1, =0.1.0, =1.4.0, =1.0.3, =1.0.4, =3.0.2, =5.0.1-0 and more Source cves: CVE-2022-1650 Source advisory: OSV:GHSA-6H5X-7C5M-7CR7...