38 matches found
CVE-2026-40261
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
Command Injection
Overview: composer/composer is a dependency manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Command Injection via the generateP4Command function. An...
CVE-2026-32621
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
EUVD-2024-34674
Malicious code in bioql PyPI...
EUVD-2023-58375
Malicious code in bioql PyPI...
CVE-2025-39496 WordPress WooBeWoo Product Filter Pro plugin < 2.9.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection. This issue affects WooBeWoo Product Filter Pro: from n/a before 2.9.6...
PT-2025-34989
Name of the Vulnerable Software and Affected Versions: WBW WooBeWoo Product Filter Pro versions prior to 2.9.6 Description: The software contains a SQL injection issue due to improper neutralization of special elements used in an SQL command. Recommendations: Update WBW WooBeWoo Product Filter Pr...
WordPress plugin and WordPress SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
CVE-2023-46198
Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin = 2.9.6 versions...
CVE-2025-30910
CM Download Manager (WordPress plugin)
CVE-2022-24716
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolv...
autMan security vulnerability
autMan is a powerful automation software system from autMan Inc. A security vulnerability exists in autMan version v2.9.6 that stems from an access control issue...
Tormach PathPilot Controller security vulnerability
Tormach PathPilot Controller is a series of controllers from Tormach USA. A security vulnerability exists in Tormach PathPilot Controller version v2.9.6. An attacker has exploited the vulnerability to cause a denial of service (DoS) via specially crafted commands...
PT-2024-19574 · Tormach · Tormach Xstech Cnc Router +1
Name of the Vulnerable Software and Affected Versions: Tormach xsTECH CNC Router, PathPilot Controller version 2.9.6 Description: The issue in the communication protocol allows attackers to cause a Denial of Service (DoS) via crafted commands. Recommendations: For version 2.9.6, consider restrictin...
WordPress Appointment Calendar Plugin <= 2.9.6 is vulnerable to Cross Site Scripting (XSS)
Software: Appointment Calendar; Type: Plugin; Vulnerable versions: <= 2.9.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30561; Patch priority: Low; CVSS severity: Low 7.1; PSID: 1a521c54a658; Credits: Dimas Maulana; Required privilege...
PT-2023-32528 · WordPress · Welcart E-Commerce
Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce plugin for WordPress versions up to, and including, 2.9.6 Description: The issue allows administrators to upload .pem or .crt files to arbitrary locations on the server via the upload certificate file function, making it...
WordPress Cool Author Box - For Widget and Post Content Plugin <= 2.9.5 is vulnerable to Cross Site Scripting (XSS)
Software: Cool Author Box - For Widget and Post Content; Type: Plugin; Vulnerable versions: <= 2.9.5; Fixed in: 2.9.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 965a0456c07b; Credits...
Authorization
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...
CVE-2022-46153 Routes exposed with an empty TLSOption in traefik
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS...