111 matches found

Cvelist
added 2026/05/04 5:06 p.m. | 22 views

CVE-2026-42052 beets is Vulnerable to XSS

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

CVSS 6 | EPSS 0.00062
Exploits 0 | References 2

NVD
added 2026/04/29 8:16 p.m. | 1 views

CVE-2018-25310

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...

CVSS 5.3 | EPSS 0.00043
Exploits 0 | References 4

ATTACKERKB
added 2026/04/02 12:58 p.m. | 4 views

CVE-2026-34890

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS. This issue affects MSTW League Manager: from n/a through 2.10...

CVSS 6.5 | AI score 5.9 | EPSS 0.00039
Exploits 0 | References 2

EUVD
added 2026/03/25 9:30 p.m. | 0 views

EUVD-2025-209012

An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component...

AI score 5.8 | EPSS 0.0014
Exploits 0 | References 4

UbuntuCve
added 2026/03/07 5:15 p.m. | 1 views

CVE-2026-30851

Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forwardauth copyheaders does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...

CVSS 8.8 | AI score 7 | EPSS 0.00023
Exploits 1 | References 5

Cvelist
added 2026/02/06 7:32 p.m. | 27 views

CVE-2026-2064 Portabilis i-Educar User Data meusdadod.php cross site scripting

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...

CVSS 5.1 | EPSS 0.00036
Exploits 1 | References 4

Positive Technologies
added 2025/12/24 12:00 a.m. | 1 views

PT-2025-53341

Name of the Vulnerable Software and Affected Versions: VideoFlow Digital Video Protection DVP version 2.10 Description: The software contains an authenticated remote code execution issue that enables attackers to execute system commands with root privileges. Exploitation occurs through a cross-site...

CVSS 8.7 | AI score 7.9 | EPSS 0.00088
Exploits 1 | References 5

Positive Technologies
added 2025/12/24 12:00 a.m. | 1 views

PT-2025-53342

Name of the Vulnerable Software and Affected Versions: VideoFlow Digital Video Protection DVP version 2.10 Description: The software contains a directory traversal issue that allows attackers to access arbitrary system files. This is possible due to unvalidated ID parameters. Attackers can exploit...

CVSS 7.1 | AI score 6.6 | EPSS 0.00362
Exploits 1 | References 5

Patchstack
added 2025/10/27 4:37 a.m. | 3 views

WordPress Web Accessibility By accessiBe plugin <= 2.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Web Accessibility By accessiBe versions <= 2.10...

CVSS 5.4 | AI score 6.8 | EPSS 0.00052
Exploits 0 | Affected Software 1

RedhatCVE
added 2025/10/23 3:14 p.m. | 1 views

CVE-2025-49920

Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10...

CVSS 5.4 | AI score 7 | EPSS 0.00052
Exploits 0 | References 1

EUVD
added 2025/10/22 3:31 p.m. | 1 views

EUVD-2025-35538

Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10...

AI score 6.4 | EPSS 0.00052
Exploits 0 | References 2

NVD
added 2025/10/22 3:15 p.m. | 0 views

CVE-2025-49920

Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10...

CVSS 5.4 | EPSS 0.00052
Exploits 0 | References 1

Vulnrichment
added 2025/10/22 2:32 p.m. | 1 views

CVE-2025-49920 WordPress Web Accessibility By accessiBe plugin <= 2.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10...

CVSS 5.4 | AI score 6.6 | EPSS 0.00052
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2020-0031

Malware in sbrugna...

CVSS 7.8 | AI score 7.8 | EPSS 0.00155
Exploits 0 | References 25

EUVD
added 2025/10/03 8:07 p.m. | 1 views

EUVD-2024-28478

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 8.6 | EPSS 0.00117
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-26890

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00076
Exploits 1 | References 5

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2021-34091

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00389
Exploits 0 | References 1

CNNVD
added 2025/09/23 12:00 a.m. | 1 views

i-Educar SQL injection vulnerability

i-Educar is a free educational software from Portábilis open source. A SQL injection vulnerability exists in i-Educar 2.10 and earlier versions, which stems from incorrect manipulation of the parameter ID in the file /module/ComponenteCurricular/edit, and could lead to a SQL injection attack...

CVSS 8.8 | AI score 6.8 | EPSS 0.00043
Exploits 0 | References 5

Vulnrichment
added 2025/09/18 1:02 p.m. | 1 views

CVE-2025-10666 D-Link DIR-825 apply.cgi sub_4106d4 buffer overflow

A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdowntime results in buffer overflow. The attack can be executed remotely. The exploit has been released to the...

CVSS 9 | AI score 8.8 | EPSS 0.06366
Exploits 3 | References 6

Positive Technologies
added 2025/09/17 12:00 a.m. | 3 views

PT-2025-38140

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A weakness exists in Portabilis i-Educar up to version 2.10. The issue is related to the manipulation of the abreviatura/tipoacao argument in the /intranet/educar funcao cad.php file within...

CVSS 5.4 | AI score 3.6 | EPSS 0.0004
Exploits 0 | References 8