30 matches found
CVE-2026-8149
CVE-2026-8149 affects Legion of the Bouncy Castle BC-FJA/BC-FIPS on Linux x86_64 with AVX/AVX-512f. Vulnerable components: gcm128w and gcm512w; affected versions: 2.1.0–2.1.2. Root cause details and specific fixes are not provided in the documents. No exploitation details are included. No remed...
CVE-2025-68001
Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server. This issue affects g-FFL Checkout: from n/a through <= 2.1.0...
CVE-2026-24629
CVE-2026-24629 concerns a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Web Accessibility with Max Access (accessibility-toolbar) by Ability, Inc. The issue arises from improper input neutralization during web page generation and affects the product family as deployed in...
CVE-2026-24542 WordPress WP Term Order plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery. This issue affects WP Term Order: from n/a through <= 2.1.0...
WordPress plugin Web Accessibility with Max Access has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2025-69004
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion. This issue affects Bajaar - Highly Customizable WooCommerce WordPress...
Fedora 43 : tkimg (2025-13b23a6952)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-13b23a6952 advisory. Update to 2.1.0. Update bundled libpng, libtiff, to latest versions. Built against TCL/TK 9. Fix FTBFS. Tenable has extracted the preceding...
CVE-2025-60235
Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce Premium support-ticket-system-for-woocommerce allows Using Malicious Files. This issue affects Support Ticket System for WooCommerce Premium: from n/a through <= 2.0.7...
CVE-2025-64323 kgateway is missing xDS authorization
kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...
EUVD-2025-29767
Malicious code in bioql PyPI...
EUVD-2021-28047
Malicious code in bioql PyPI...
Dragonfly security vulnerability
Dragonfly is an open source framework from DragonflyDB that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly versions prior to 2.1.0, which stems from a hard-coded use of the HTTP protocol instead of HTTPS when downloading small files in the scheduler...
CVE-2024-32343
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...
CVE-2024-10884
The SimpleForm Contact Form Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to...
CVE-2019-17220
Rocket.Chat before 2.1.0 allows XSS via a URL on a !title line...
WordPress Hebrew Date plugin <= 2.1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Hebrew Date versions <= 2.1.0...
CVE-2024-3895
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdpaddnewdatepickerajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2023-0588
The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...