WordPress Advanced CF7 DB plugin <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion vulnerability

Cross-Site Request Forgery to Form Entry Deletion vulnerability discovered by Kai Aizen in WordPress Plugin Advanced Contact form 7 DB versions = 2.0.9...

CVE-2026-24544

Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through = 2.0.9...

EUVD-2025-38141

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through 2.0.9...

CVE-2025-60208 WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...

CVE-2025-53459

CVE-2025-53459 is rejected by the CVE Numbering Authority and does not represent an active vulnerability entry.

CVE-2025-58628

CVE-2025-58628 refers to a SQL injection vulnerability in the WordPress theme Miraculous (versions before 2.0.9). The issue is caused by improper neutralization of special elements in SQL commands, enabling blind SQL injection. Public writeups and vulnerability feeds confirm affected software as ...

CVE-2020-13458

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action...

WordPress Master Addons plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael in WordPress Plugin Master Addons for Elementor versions = 2.0.9.9.4...

Dragonfly 安全漏洞

Dragonfly is a framework that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly prior to version 2.0.9 that stems from Dragonfly's use of hard-coded JWT to authenticate users, which could lead to authentication bypass...

Ubiquiti EdgeRouter 命令注入漏洞

The Ubiquiti EdgeRouter is a router from Ubiquiti, Inc. A command injection vulnerability exists in Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 and prior versions, which stems from an incorrect manipulation of the parameter name that can lead to command injection...

Ubiquiti EdgeRouter 命令注入漏洞

The Ubiquiti EdgeRouter is a router from Ubiquiti USA. A command injection vulnerability exists in Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 and prior versions, which stems from the fact that incorrect manipulation of the parameter suffix-rate-up can lead to command injection...

SUSE CVE-2019-12222

An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9. There is an out-of-bounds read in the function SDLInvalidateMap at video/SDLpixels.c...

Linksys E1200 and E2500 OS Command Injection Vulnerability (CNVD-2019-22778)

The Belkin Linksys E1200 and E2500 are both wireless router products in the E-Series from Belkin USA. An operating system command injection vulnerability exists in the Belkin Linksys E1200 with firmware version 2.0.09 and the Linksys E2500 with firmware version 3.0.04, which can be exploited by...