35 matches found
Intel Data Center Graphics Driver buffer error vulnerability
The Intel Data Center Graphics Driver is a set of graphics drivers developed by Intel Corporation for data center GPUs and graphics acceleration devices. Versions of the Intel Data Center Graphics Driver prior to 2.0.2 contained a buffer error vulnerability. This vulnerability stemmed from...
zrok path traversal vulnerability
Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.2 contained a path traversal vulnerability. This vulnerability stemmed from the WebDAV driver’s backend, which restricted path traversal through lexical normalization but did not prevent symbolic links fro...
CVE-2026-33979
Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting (XSS) attacks. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +1 more potentially affected by CVE-2026-4513 via vanna (>=0.0.30 <=2.0.2)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4513 Source advisory: SNYK:PYTHON-VANNA-15756488...
Vanna SQL injection vulnerability
Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of Vanna 2.0.2 and earlier had a SQL injection vulnerability. This vulnerability stemmed from improper handling of the updatesql function in the src/vanna/legacy/flask/init.py file of the component endpoint, which could lead to...
Vanna SQL injection vulnerability
Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier had an SQL injection vulnerability. This vulnerability stemmed from improper handling of the parameter ID in the function removetrainingdata located in the file src/vanna/legacy/google/bigqueryvector.py. An S...
CVE-2025-53217
The CVE-2025-53217 entry concerns the WordPress plugin AIO WP Builder (staviravn all-in-one-wp-builder) with versions up to and including 2.0.2, where a Missing Authorization vulnerability allows exploitation of incorrectly configured access control. The root cause is broken access control in the...
PT-2026-6039
Name of the Vulnerable Software and Affected Versions Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress versions up to and including 2.0.2 Description The Robin Image Optimizer plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs...
CVE-2025-66141 WordPress Scroller plugin <= 2.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Scroller: from n/a through <= 2.0.2...
CVE-2023-4829
Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22...
EUVD-2025-29260
Malicious code in bioql PyPI...
PT-2025-38899
Name of the Vulnerable Software and Affected Versions JoomSky JS Job Manager versions through 2.0.2 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting (XSS). This specific instance is a Stored XSS issue. The...
CVE-2025-59145
The CVE-2025-59145 affects color-name (npm package) version 2.0.1 where a malware payload was introduced via an attacker‑compromised npm account, targeting browser contexts to redirect cryptocurrency transactions (e.g., MetaMask). Local/server/CLI environments are not affected. npm removed the co...
CVE-2025-58815 WordPress Aitasi Coming Soon Plugin <= 2.0.2 - Deserialization of untrusted data Vulnerability
Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection. This issue affects Aitasi Coming Soon: from n/a through <= 2.0.2...
CVE-2025-28954
CVE-2025-28954 (Backwp) is a CSRF vulnerability in the Backwp plugin for WordPress, affecting versions up to 2.0.2. The CVSS 3.1 base score is 7.4 (HIGH) with network access, required user interaction, and impact limited to availability (C) with availability impact HIGH. Root cause and exact explo...
CVE-2024-42606
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/adminlog.php?clear=1...
CVE-2024-42604
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admingroup.php?mode=deleteid=3...
CVE-2023-37981
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube Authors List plugin = 2.0.2 versions...
CVE-2025-32626 WordPress JS Job Manager plugin <= 2.0.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager allows SQL Injection. This issue affects JS Job Manager: from n/a through 2.0.2...
WordPress WP Wiki Tooltip plugin <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin WP Wiki Tooltip versions <= 2.0.2...