20 matches found
EUVD-2026-39650
It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
CVE-2026-8149
CVE-2026-8149 affects Legion of the Bouncy Castle BC-FJA/BC-FIPS on Linux x86_64 with AVX/AVX-512f. Vulnerable components: gcm128w and gcm512w; affected versions: 2.1.0–2.1.2. Root cause details and specific fixes are not provided in the documents. No exploitation details are included. No remed...
Fedora 42 : glow (2026-9d0e7df23a)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9d0e7df23a advisory. Update to version 2.1.2. This also updates some of the vendored dependencies to fix CVEs, as well as building with the latest golang to fix even mor...
CVE-2025-68854
CVE-2025-68854 is a WordPress plugin vulnerability in ID Arrays (id-arrays)
CVE-2026-25725
Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json...
PT-2026-6766
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 2.1.2 Description: Claude Code, an agentic coding tool, had a flaw in its bubblewrap sandboxing mechanism. The mechanism did not adequately protect the .claude/settings.json configuration file when it was absent at...
WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow
Summary: An Open Redirect vulnerability exists in the OAuth authentication flow that allows attackers to redirect users to external malicious websites after authentication. The vulnerability is caused by insufficient validation of the return parameter in the OAuth login initialization endpoint...
GHSA-GRH9-37G7-53MJ WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow
Summary: An Open Redirect vulnerability exists in the OAuth authentication flow that allows attackers to redirect users to external malicious websites after authentication. The vulnerability is caused by insufficient validation of the return parameter in the OAuth login initialization endpoint...
CVE-2025-66130 WordPress WP Views Counter plugin <= 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in etruel WP Views Counter wpecounter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Views Counter: from n/a through <= 2.1.2...
CVE-2025-14729 CTCMS Content Management System Backend App Configuration Ct_App.php save code injection
A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...
PT-2025-47086
Name of the Vulnerable Software and Affected Versions: WeiYe-Jing datax-web versions up to 2.1.2 Description: A flaw exists in the Job Handler component of WeiYe-Jing datax-web, specifically within the remove, update, pause, start, and triggerJob functions. This issue results in improper access...
CVE-2025-58252 WordPress Getwid Plugin <= 2.1.2 - Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in jetmonsters Getwid getwid allows Retrieve Embedded Sensitive Data. This issue affects Getwid: from n/a through <= 2.1.2...
WordPress Multimedia Playlist Slider Addon for WPBakery Page Builder Plugin <= 2.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Multimedia Playlist Slider Addon for WPBakery Page Builder versions <= 2.1...
WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Custom User Registration Fields for WooCommerce versions <= 2.1.2...
PT-2025-4620 · Unknown · Hesabfa Accounting
Name of the Vulnerable Software and Affected Versions: Hesabfa Accounting versions prior to 2.1.2 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This means an attacker can inject malicious scripts...
CVE-2024-11204
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin themesflat-addons-for-elementor versions <= 2.1.2...
WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin ELEX WooCommerce Dynamic Pricing and Discounts versions <= 2.1.2...
Ctcms Code Issues Vulnerabilities
Ctcms (赤兔cms) is a video content management system from China's Red Rabbit Cms Ctcms company. Ctcms version 2.1.2 has a code issue vulnerability: the file ctcms/apps/controllers/admin/Upsys.php has a file upload vulnerability...
PT-2022-5635 · Microsoft · Sql Server +3
Name of the Vulnerable Software and Affected Versions: .NET Framework versions prior to the November 2022 update; System.Data.SqlClient versions prior to 4.8.5; Microsoft.Data.SqlClient versions prior to 2.1.2 Description: A vulnerability in .NET Framework allows attackers to obtain sensitive...