30 matches found
CVE-2026-44317
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" enabling traffic-routing feature negotiation and whose medComponents...
SUSE CVE-2026-48829
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...
Siemens Siemens ROS#
SUMMARY ROS contains a ROS service fileserver, that before version 2.2.2 contains a path traversal vulnerability which could allow an attacker to access, i.e. read and write, arbitrary files, which are accessible with the user rights of the user that runs the service, on the system that hosts...
MariaDB Server Security Vulnerability
MariaDB Server is an open-source relational database system developed by MariaDB. Vulnerabilities existed in versions prior to 11.4.10, as well as in versions 11.5.x to 11.8.x, up to 11.8.6, and 12.x up to 12.2.2. These vulnerabilities were due to a buffer overflow in the caching_sha2_password...
CVE-2026-3218 Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS). This issue affects Responsive Favicons: from 0.0.0 before 2.0.2...
CVE-2025-68037
CVE-2025-68037 is a Reflected Cross-Site Scripting (XSS) in the WordPress plugin Export Media URLs (export-media-urls). Affected versions are up to 2.2; root cause is improper input neutralization during web page generation. CVSS 3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L with base score 7.1 (HIGH)....
CVE-2026-24984
Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Link Preview: from n/a through <= 2.2.9...
WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin Block Slider versions <= 2.2.3...
PT-2025-48609
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘timestamp’ attribute in all versions up to, and including, 2.2.13 due to insufficient input sanitization and...
CVE-2025-11821
The Woocommerce – Products By Custom Tax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooproductscustomtax' shortcode in all versions up to, and including, 2.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
WordPress E-namad & Shamed Logo Manager Plugin <= 2.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Bao BlueRock in WordPress Plugin E-namad & Shamed Logo Manager versions <= 2.2...
Flock Safety LPR Security Vulnerability
Flock Safety LPR is a license plate recognition product from Flock Safety USA. A security vulnerability exists in Flock Safety LPR version 2.2 and prior versions that stems from improper access control of the chip debug interface...
CVE-2023-46627
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions...
CVE-2025-21595
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved...
Apache VCL SQL Injection Vulnerability
Apache VCL is an open source cloud computing platform from the Apache Foundation in the United States. An SQL injection vulnerability exists in Apache VCL versions 2.2 to 2.5.1, which stems from improper neutralization of special elements in SQL commands, and can be exploited by an attacker to cau...
WordPress Post Grid and Gutenberg Blocks plugin <= 2.2.92 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Post Grid and Gutenberg Blocks versions <= 2.2.92...
PT-2025-7236 · Unknown · Notfound Gallery
Name of the Vulnerable Software and Affected Versions: NotFound Gallery versions n/a through 2.2.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject malicious...
WordPress Plugin WP Post Columns Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2023-30746 · WordPress · Wp Meta/Date Remover
Name of the Vulnerable Software and Affected Versions: WP Meta and Date Remover WordPress plugin versions prior to 2.2.0 Description: The issue concerns an AJAX endpoint for configuring plugin settings that lacks capability checks and fails to sanitize user input. This input is later output...
PT-2023-8903
Name of the Vulnerable Software and Affected Versions: Rack versions 2.0.0 through 2.0.9.1; Rack versions 2.1.0 through 2.1.4.1; Rack versions 2.2.0 through 2.2.4.0; Rack versions 3.0.0 through 3.0.0.0. Description: A denial of service vulnerability in the multipart parsing component of Rack could allo...