12 matches found
CVE-2026-48837
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...
CVE-2026-2509 Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayerxsscontent' XSS filtering function, whic...
PT-2026-31305
Name of the Vulnerable Software and Affected Versions: Page Builder: Pagelayer plugin for WordPress versions up to and including 2.0.8 Description: The Page Builder: Pagelayer plugin for WordPress is susceptible to Stored Cross-Site Scripting via the Button widget's Custom Attributes field. This is...
CVE-2026-32536
CVE-2026-32536 describes an Unrestricted Upload of File with Dangerous Type in the WordPress plugin Green Downloads (halfdata-paypal-green-downloads) up to version
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-30948 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-30948 Source advisory: OSV:GHSA-HCJ7-6GXH-24WW...
EUVD-2025-204251
The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handlerequest function in all versions up to, and including, 2.0.8. This makes it possible for authenticated...
CVE-2025-48069 ejson2env has insufficient input sanitization
ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values...
WordPress WP Announcement plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Rayhan Ramdhany Hanaputra (Patchstack Alliance) in WordPress Plugin WP Announcement (versions <= 2.0.8)...
PT-2023-3650 · Unknown · Spidercontrol Scada Web Server
Name of the Vulnerable Software and Affected Versions: SpiderControl SCADA Webserver versions 2.08 and prior Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to cause a...
CVE-2021-44170
A stack-based buffer overflow vulnerability (CWE-121) in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments...
SUSE-SU-2018:1850-1 Security update for python-paramiko
This update for python-paramiko to version 2.0.8 fixes the following issues: - CVE-2018-7750: transport.py in the SSH server implementation of Paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could have skipped the authenticati...
VulnCheck KEV: CVE-2009-3041
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009...