
40 matches found

EUVD
added yesterday, 7 views

EUVD-2026-34873

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...

9.9 CVSS, 6 AI score
Exploits 0, References 2

Positive Technologies
added yesterday, 5 views

PT-2026-47022

Name of the Vulnerable Software and Affected Versions: Termix versions prior to 2.3.2. Description: The File Manager component of this web-based server management platform contains a command injection flaw. The endpoint "/ssh/filemanager/ssh/resolvePath" unsafely processes the path parameter,...

9 CVSS, 5.6 AI score
Exploits 0, References 6

Positive Technologies
added 2026/05/04 12:0 a.m., 2 views

PT-2026-36777

mutt before 2.3.2 has a show sig summary NULL pointer dereference...

2.5 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits 0, References 2

EUVD
added 2026/02/03 2:8 p.m., 1 views

EUVD-2026-5298

Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery. This issue affects Enter Addons: from n/a through <= 2.3.2...

4.3 CVSS, 5.3 AI score, 0.00026 EPSS
Exploits 0, References 1

CVE
added 2026/02/03 2:8 p.m., 7 views

CVE-2026-25014

CVE-2026-25014 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Enter Addons (themelooks) affecting Enter Addons versions from n/a up to and including 2.3.2. The CVSS v3.1 base score is 4.3 (Medium) with network attack vector, required user interaction, and part...

4.3 CVSS, 5.3 AI score, 0.00026 EPSS
Exploits 0, References 1

Cvelist
added 2026/01/23 2:28 p.m., 26 views

CVE-2026-24556 WordPress ElementCamp plugin <= 2.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementCamp: from n/a through <= 2.3.2...

5.3 CVSS, 0.00051 EPSS
Exploits 0, References 1

CNNVD
added 2026/01/23 12:0 a.m., 2 views

WordPress plugin ElementCamp has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3 CVSS, 5.8 AI score, 0.00051 EPSS
Exploits 0, References 1

EUVD
added 2026/01/13 3:29 p.m., 2 views

EUVD-2026-2326

In the Linux kernel, the following vulnerability has been resolved: fuse: missing copyfinish in fuse-over-io-uring argument copies Fix a possible reference count leak of payload pages during fuse argument copies. Joanne: simplified error cleanup...

5.8 AI score, 0.00035 EPSS
Exploits 0, References 3

EUVD
added 2025/12/19 7:17 p.m., 4 views

EUVD-2025-204585

Orejime has executable code in HTML attributes...

6.3 CVSS, 6.5 AI score, 0.00025 EPSS
Exploits 0, References 4

Cvelist
added 2025/12/19 4:40 p.m., 22 views

CVE-2025-68457 Orejime has executable code in HTML attributes

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

2.3 CVSS, 0.00025 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/11/07 3:54 p.m., 2 views

CVE-2025-49393

Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection. This issue affects Sign-up Sheets: from n/a through <= 2.3.2...

9.8 CVSS, 7 AI score, 0.00101 EPSS
Exploits 0, References 1

EUVD
added 2025/11/06 3:53 p.m., 1 views

EUVD-2025-38012

Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection. This issue affects Sign-up Sheets: from n/a through <= 2.3.2...

6.5 AI score, 0.00101 EPSS
Exploits 0, References 2

EUVD
added 2025/10/27 3:30 a.m., 4 views

EUVD-2025-36009

Missing Authorization vulnerability in wprio Table Block by RioVizual riovizual allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Table Block by RioVizual: from n/a through <= 2.3.2...

6.5 AI score, 0.00036 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/08/14 10:34 a.m., 1 views

CVE-2025-50040 WordPress CF7 Spreadsheets Plugin <= 2.3.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets cf7-spreadsheets allows Stored XSS. This issue affects CF7 Spreadsheets: from n/a through <= 2.3.2...

6.5 CVSS, 5.2 AI score, 0.00051 EPSS
Exploits 0, References 1

OSV
added 2025/08/09 2:1 a.m., 5 views

CVE-2025-55001 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...

6.5 CVSS, 6.5 AI score, 0.00182 EPSS
Exploits 0, References 5

AlpineLinux
added 2025/08/09 2:0 a.m., 7 views

CVE-2025-54998

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...

5.3 CVSS, 6.9 AI score, 0.00161 EPSS
Exploits 0

Vulnrichment
added 2025/08/09 1:32 a.m., 2 views

CVE-2025-54996 OpenBao Root Namespace Operator May Elevate Token Privileges

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...

7.2 CVSS, 6.8 AI score, 0.00232 EPSS
Exploits 0, References 3

Cvelist
added 2025/08/09 1:32 a.m., 4 views

CVE-2025-54996 OpenBao Root Namespace Operator May Elevate Token Privileges

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...

7.2 CVSS, 0.00232 EPSS
Exploits 0, References 3

OSV
added 2025/08/08 2:32 p.m., 5 views

GHSA-VF84-MXRQ-CRQC OpenBao Root Namespace Operator May Elevate Token Privileges

Impact: Accounts with access to the highly-privileged identity entity system in the root namespace may increase their scope directly to the root policy. While the identity system always allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root...

7.2 CVSS, 6.6 AI score, 0.00232 EPSS
Exploits 0, References 8

RedhatCVE
added 2025/05/23 1:12 a.m., 5 views

CVE-2022-32259

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with...

6.5 CVSS, 6.7 AI score, 0.00186 EPSS
Exploits 0, References 1