5 matches found
WordPress LoginPress Pro plugin <= 6.2.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by wackydawg in WordPress Plugin LoginPress Pro versions <= 6.2.2...
CVE-2026-45286 Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint
Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...
Snipe-IT Cross-Site Scripting Vulnerability
Snipe-IT is an open source IT asset/license management system. A cross-site scripting vulnerability exists in Snipe-IT versions prior to v6.2.2 that stems from the presence of a stored cross-site scripting (XSS) vulnerability...
CVE-2020-9294
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEnterprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...
PT-2020-5160 · Python Imaging Library +1 · Pillow +1
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 6.2.2. Description: The issue is caused by the FpxImagePlugin.py file calling the range function on an unvalidated 32-bit integer, which can lead to a denial of service (DoS) if the number of bands is large. On Windows...