752 matches found
CVE-2026-32489
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...
CVE-2026-32536
CVE-2026-32536 describes an Unrestricted Upload of File with Dangerous Type in the WordPress plugin Green Downloads (halfdata-paypal-green-downloads) up to version
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-4513 via vanna (>=0.0.30 <=2.0.2)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4513 Source advisory: SNYK:PYTHON-VANNA-15756488...
EUVD-2026-14015
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for...
CVE-2026-2501 Ed's Social Share <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's socialshare shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-2501
CVE-2026-2501 : The Ed's Social Share WordPress plugin is vulnerable to Stored Cross-Site Scripting via the plugin’s social_share shortcode in all versions up to and including 2.0. The root cause is insufficient input sanitization and output escaping on user-supplied attributes. This enables auth...
WordPress plugin Smarter Analytics 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2024-55479
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...
Vanna SQL注入漏洞
Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of Vanna 2.0.2 and earlier had a SQL injection vulnerability. This vulnerability stemmed from improper handling of the updatesql function in the src/vanna/legacy/flask/init.py file of the component endpoint, which could lead to...
Vanna SQL注入漏洞
Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier had an SQL injection vulnerability. This vulnerability stemmed from improper handling of the parameter ID in the function removetrainingdata located in the file src/vanna/legacy/google/bigqueryvector.py. An S...
EulerOS 2.0 SP10 : gdb (EulerOS-SA-2026-1307)
According to the versions of the gdb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component...
Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2026-1343)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-13777
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...
PT-2026-25216
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion.This issue affects Medilink-Core: from n/a through 2.0.7...
CVE-2026-32138 NEXULEAN API Key Leak
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services...
PT-2026-25031
Shopware is an open commerce platform. /api/ info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...
CVE-2026-31854
Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-30948 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-30948 Source advisory: OSV:GHSA-HCJ7-6GXH-24WW...
SAPIDO RB-1732 安全漏洞
SAPIDO RB-1732 is a wireless router produced by SAPIDO Company in Taiwan, China. The SAPIDO RB-1732 V2.0.43 version has a security vulnerability. This vulnerability stems from the formSysCmd endpoint, which allows remote command execution, potentially enabling unverified attackers to execute...
EUVD-2026-9741
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Run Gran run-gran allows PHP Local File Inclusion.This issue affects Run Gran: from n/a through = 2.0...