
52 matches found

NVD
added 2026/04/03 11:17 p.m. · 1 view

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnerability in the emlog comment module via a URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVSS 6.1 · EPSS 0.00015
Exploits: 1 · References: 2
CVE
added 2026/04/03 10:31 p.m. · 7 views

CVE-2026-34229

CVE-2026-34229 affects Emlog prior to version 2.6.8, with a stored XSS in the comment module triggered via bypass of URI scheme validation. The underlying issue is a URI scheme validation bypass, allowing injection of script payloads into comments. The vulnerability is addressed in version 2.6.8 ...

CVSS 6.1 · AI score 5.7 · EPSS 0.00015
Exploits: 1 · References: 2 · Affected Software: 1
ATTACKERKB
added 2026/03/16 5:2 a.m. · 0 views

CVE-2026-4216

A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and cou...

CVSS 5.3 · AI score 5.3 · EPSS 0.00017
Exploits: 0 · References: 4 · Affected Software: 1
ATTACKERKB
added 2026/02/20 8:52 p.m. · 2 views

CVE-2026-27190

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8...

CVSS 8.1 · AI score 5.6 · EPSS 0.00907
Exploits: 1 · References: 4 · Affected Software: 1
AlpineLinux
added 2026/02/20 8:52 p.m. · 1 view

CVE-2026-27190

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8...

CVSS 9.8 · AI score 5.9 · EPSS 0.00907
Exploits: 1 · References: 3
OSV
added 2026/02/20 8:52 p.m. · 2 views

CVE-2026-27190 Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8...

CVSS 8.1 · AI score 5.6 · EPSS 0.00907
Exploits: 1 · References: 5
CNNVD
added 2026/02/20 12:0 a.m. · 5 views

SoftIron HyperCloud security vulnerability

SoftIron HyperCloud is an intelligent cloud architecture developed by SoftIron Corporation. Versions of SoftIron HyperCloud 2.6.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the ability to directly use refresh tokens for resource access, without ensuring that...

CVSS 8.6 · AI score 5.8 · EPSS 0.00069
Exploits: 0 · References: 1
Positive Technologies
added 2026/02/19 12:0 a.m. · 4 views

PT-2026-20983

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.6.8. Description: A command injection issue exists in Deno's node:child_process implementation. The issue allows for arbitrary command execution through crafted input provided to the spawnSync function when the shell...

CVSS 9.8 · AI score 5.9 · EPSS 0.00907
Exploits: 1 · References: 13
RedhatCVE
added 2026/02/14 1:27 a.m. · 2 views

CVE-2026-25767

LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user with the "Policymaker" tag could create shovels bypassing access controls. An authenticated user with the "Policymaker" management tag could exploit it to read messages from vhosts they are not...

CVSS 8.6 · AI score 5.5 · EPSS 0.00041
Exploits: 0 · References: 1
Cvelist
added 2026/02/12 7:49 p.m. · 21 views

CVE-2026-25767 LavinMQ has incomplete shovel configuration validation

LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user with the "Policymaker" tag could create shovels bypassing access controls. An authenticated user with the "Policymaker" management tag could exploit it to read messages from vhosts they are not...

CVSS 8.6 · EPSS 0.00041
Exploits: 0 · References: 5
Vulnrichment
added 2026/02/12 7:49 p.m. · 1 view

CVE-2026-25767 LavinMQ has incomplete shovel configuration validation

LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user with the "Policymaker" tag could create shovels bypassing access controls. An authenticated user with the "Policymaker" management tag could exploit it to read messages from vhosts they are not...

CVSS 8.6 · AI score 5.5 · EPSS 0.00041
Exploits: 0 · References: 5
Positive Technologies
added 2026/02/12 12:0 a.m. · 4 views

PT-2026-7896

Name of the Vulnerable Software and Affected Versions: LavinMQ versions prior to 2.6.8. Description: LavinMQ is a high-performance message queue and streaming server. An authenticated user with the "Policymaker" tag could create shovels bypassing access controls. Specifically, an authenticated user...

CVSS 8.6 · AI score 5.4 · EPSS 0.00041
Exploits: 0 · References: 10
Tenable Nessus
added 2026/01/20 12:0 a.m. · 4 views

MiracleLinux 7 : ruby-2.0.0.648-39.0.1.el7.AXS7 (AXSA:2024-8934:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8934:03 advisory. CVE-2021-41819: when parsing cookies, only decode the values CVEs: CVE-2021-41819 CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in...

CVSS 7.5 · AI score 5.5 · EPSS 0.00765
Exploits: 1 · References: 2
NVD
added 2026/01/05 3:15 a.m. · 4 views

CVE-2025-15453

A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...

CVSS 6.5 · EPSS 0.00029
Exploits: 0 · References: 7
Patchstack
added 2025/02/12 12:54 p.m. · 5 views

WordPress Brizy – Page Builder plugin <= 2.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Brizy versions <= 2.6.8...

CVSS 6.4 · AI score 5.8 · EPSS 0.00151
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/02/05 9:37 a.m. · 9 views

CVE-2024-30199

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon. This issue affects WP-Lister Lite for Amazon: from n/a through <= 2.6.8...

CVSS 7.1 · AI score 7.2 · EPSS 0.00334
Exploits: 0 · References: 1
Patchstack
added 2024/12/03 11:52 p.m. · 1 view

WordPress Carousel, Slider, Gallery by WP Carousel plugin <= 2.6.8 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library

Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Carousel, Slider, Gallery by WP Carousel versions <= 2.6.8...

CVSS 6.4 · AI score 6.1 · EPSS 0.006
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/11/05 12:0 a.m. · 24 views

WordPress JobSearch Plugin <= 2.6.7 is vulnerable to Arbitrary File Upload

Software: JobSearch · Type: Plugin · Vulnerable versions: <= 2.6.7 · Fixed in: 2.6.8 · OWASP Top 10: A1: Injection · Classification: Arbitrary File Upload · CVE: CVE-2024-8614 · Patch priority: High · CVSS severity: High (9.9) · PSID: d16b486be3a5 · Credits: Tonn · Required privilege: Subscriber · Published: 5...

CVSS 9.9 · AI score 7.2 · EPSS 0.12219
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/10/05 12:0 a.m. · 1 view

PT-2024-32609 · Unknown · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit versions through 2.6.8. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This problem allows for Stored XSS, which means an attacker can...

CVSS 6.5 · AI score 6.2 · EPSS 0.00177
Exploits: 0 · References: 6
Patchstack
added 2024/09/30 11:7 a.m. · 1 view

WordPress Jeg Elementor Kit plugin <= 2.6.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Jeg Elementor Kit versions <= 2.6.8...

CVSS 6.5 · AI score 6.1 · EPSS 0.00177
Exploits: 0 · Affected Software: 1