11 matches found
CVE-2026-22703
Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, a Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...
DEBIAN-CVE-2025-54869
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker...
vLLM Deserialization of Untrusted Data vulnerability
vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...
WordPress Wallet System for WooCommerce plugin <= 2.6.2 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Tim Coen in WordPress Plugin Wallet System for WooCommerce versions <= 2.6.2...
WordPress WP2APP Plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WP2APP versions <= 2.6.2...
CVE-2023-31093
Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin = 2.6.2 versions...
CVE-2022-43455
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the servicestart, servicestop, and servicerestart modules of the software. This could allow an attacker to start, stop, or restart arbitrary...
CVE-2022-29967
staticcompressedinmemorywebsitecallback.c in Glewlwyd through 2.6.2 allows directory traversal...
SUSE-SU-2021:3944-1 Security update for glib-networking
This update for glib-networking fixes the following issues: Update to version 2.62.4: - CVE-2020-13645: Fixed a connection failure when the server identity is unset bsc1172460...
PT-2020-15442 · Jenkins · Jenkins Matrix Authorization Strategy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Authorization Strategy Plugin versions 2.6.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because user names shown in the configuration or permission table are not...
Zeek Network Security Monitor Code Issue Vulnerability
Zeek Network Security Monitor (Bro) is a set of network analysis frameworks that provide network security monitoring, network traffic analysis, and more. A security vulnerability exists in Zeek Network Security Monitor versions prior to 2.6.2. An attacker can exploit this vulnerability to cause a...