74 matches found
Agno SQL injection vulnerability
Agno is an open-source full-stack framework developed by Agno for building multi-agent systems with memory, knowledge, and reasoning capabilities. Version 2.6.5 of Agno contains a SQL injection vulnerability. This vulnerability stems from SQL injections in the ClickHouse vector database backend,...
WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WC Place Order Without Payment versions <= 2.6.5...
CVE-2026-27460
The vulnerability (CVE-2026-27460) affects Tandoor Recipes prior to version 2.6.5, in the recipe import functionality. An authenticated user can trigger a Denial of Service by uploading a large ZIP file (ZIP bomb), causing server crash or significant performance degradation. Impact is availabilit...
CVE-2026-27460 Tandoor Recipes Affected by Denial of Service via Recipe Import
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability existed in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...
Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed remotely. The...
Skuul school management system code injection vulnerability
Skuul school management system is a school management system by the individual developer Marvellous Ifezue. A code injection vulnerability exists in Skuul School Management System version 2.6.5 and earlier, which stems from improper handling of SVG files in the file /dashboard/schools/1/edit, whi...
PT-2025-48387
Name of the Vulnerable Software and Affected Versions: yungifez Skuul School Management System versions up to 2.6.5. Description: A security issue exists in yungifez Skuul School Management System. The problem relates to the processing of the file /user/profile within the Image Handler component,...
CVE-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
EUVD-2025-38446
A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoiceid results in improper control of...
EUVD-2025-19394
Malicious code in bioql PyPI...
EUVD-2025-4324
Malicious code in bioql PyPI...
CVE-2024-10499
The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its REST API endpoints before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2022-24697
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...
CVE-2025-47590
Cross-Site Request Forgery (CSRF) vulnerability in JExtensions Store WPSpeed wpspeed allows Cross Site Request Forgery. This issue affects WPSpeed: from n/a through <= 2.6.5...
CVE-2025-47590
CVE-2025-47590 describes a CSRF vulnerability in WordPress WPSpeed up to version 2.6.5. The available data indicate a CSRF flaw that could enable unauthorized actions on behalf of an authenticated user (attack vector: CSRF; user interaction required per CVSS 3.1 vector). The CVE entry lists a mod...
WordPress plugin WPSpeed cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
CVE-2025-27353
Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS namaste-lms allows Cross Site Request Forgery. This issue affects Namaste! LMS: from n/a through <= 2.6.5...
WordPress Namaste! LMS Plugin <= 2.6.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Namaste! LMS versions <= 2.6.5...
CVE-2025-27353
CVE-2025-27353 describes a Cross-Site Request Forgery (CSRF) vulnerability in Namaste! LMS, affecting Namaste! LMS versions from n/a up to and including 2.6.5. The vulnerability is confirmed in multiple sources (e.g., Patchstack reference for WordPress Namaste! LMS Plugin