CVE-2026-42729

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: from n/a through = 2.2.2...

PT-2026-43641

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: from n/a through = 2.2.2...

Netatalk 授权问题漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.2.2 to 4.4.2 of Netatalk contained vulnerabilities related to authorization. These vulnerabilities stemmed from...

Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading

Summary Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces APIs. An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters...

Siemens ROS# 安全漏洞

Siemens ROS is a robot operating system communication framework based on C and .NET by the German company Siemens. Versions of Siemens ROS prior to V2.2.2 contained security vulnerabilities. These vulnerabilities were caused by improperly cleaned user inputs, leading to path traversal attacks. Th...

CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

WordPress Events Addon for Elementor plugin <= 2.2.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Events Addon for Elementor versions = 2.2.2...

Incorrect Authorization

Overview @clerk/nuxt is a Clerk SDK for Nuxt Affected versions of this package are vulnerable to Incorrect Authorization via the createPathMatcher function in @clerk/shared used by downstream createRouteMatcher. An attacker can gain unauthorized access to protected routes by crafting requests tha...

EUVD-2026-18235

CocoaMQTT: Denial of Service via Reachable Assertion in PUBLISH Packet Parsing...

CVE-2026-30867

CocoaMQTT prior to v2.2.2 is vulnerable to a Denial of Service via a malformed 4-byte PUBLISH payload with the RETAIN flag set. A malicious broker or attacker can cause a vulnerable iOS/macOS/tvOS client to crash when it subscribes to the affected topic, leading to a persistent DoS until the reta...

CVE-2026-34603

CVE-2026-34603 affects TinaCMS: its media endpoints in @tinacms/cli (and related GraphQL handling) allow escaping the media root when symlinks or junctions exist in the media directory. The issue stems from lexical path-traversal checks that do not resolve symlink targets, enabling operations (li...

CVE-2026-34604

CVE-2026-34604 affects TinaCMS GraphQL’s FilesystemBridge, where path containment checks use string-based validation (path.resolve and startsWith) that fail to account for symlinks/junctions. If a symlink exists under the allowed content root, operations like get(), put(), delete(), and glob() ca...

GO-2026-4848 Vikjuna: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation in code.vikunja.io/api

Vikjuna: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

CVE-2026-33680

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from readi...

CVE-2026-33680 Vikunja Vulnerable to Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from readi...

CVE-2026-33680 Vikunja Vulnerable to Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from readi...

CVE-2024-35644

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...

EUVD-2024-55469

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...

CVE-2024-35644

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...

CVE-2024-35644 WordPress Preferred Languages plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...