51 matches found
CVE-2026-33121
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...
CVE-2018-25348 Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the userdetail view with malicious cid values containing SQL commands t...
CVE-2026-5109 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Product Option
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...
CVE-2026-5113
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...
VideoFlow Digital Video Protection 路径遍历漏洞
VideoFlow Digital Video Protection is a broadcast-grade video transmission device developed by VideoFlow Corporation in the United States. Version 2.10 of VideoFlow Digital Video Protection contains a path traversal vulnerability. This vulnerability stems from authenticated directory traversal,...
CVE-2026-40744
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...
EUVD-2026-19428
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confrontarighe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $GET'righe' is directly concatenated into an S...
CVE-2026-34890 WordPress MSTW League Manager plugin <= 2.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10...
WordPress Plugin MSTW League Manager 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-28088
Name of the Vulnerable Software and Affected Versions mtrojnar Osslsigncode versions prior to 2.10 Description A flaw exists in mtrojnar Osslsigncode that could allow a remote attacker to gain higher system privileges. This issue is related to the osslsigncode.c component. Recommendations Update ...
CVE-2025-70888
An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component...
CVE-2026-32137
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
CVE-2025-68028
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through = 2.10.0...
CVE-2019-25256
CVE-2019-25256 affects VideoFlow Digital Video Protection DVP 2.10. An authenticated directory traversal exists due to unvalidated ID parameters (e.g., via scripts like downloadsys.pl) allowing access to arbitrary system files. Impact includes potential exposure of sensitive files (CONFIDENTIALIT...
i-Educar SQL注入漏洞
i-Educar is a free educational software from Portábilis open source. A SQL injection vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codagenda parameter and could lead to a SQL injection attack...
CVE-2025-8709
CVE-2025-8709 affects langgraph-checkpoint-sqlite 2.0.10 in LangGraph’s SQLite store. The root cause is improper string concatenation of filter keys in _get_filter_condition(), allowing SQL injection via filter parameters and potentially exposing all documents and sensitive fields (e.g., password...
CVE-2025-62419
DataEase (DataEase platform) prior to v2.10.14 contains a JDBC URL injection in the DB2 data source handler: when extraParams is empty, HOSTNAME, PORT, and DATABASE are concatenated into the JDBC URL without filtering, allowing an attacker to inject a malicious JDBC string via HOSTNAME to bypass ...
EUVD-2025-29209
Malicious code in bioql PyPI...
EUVD-2025-29684
Malicious code in bioql PyPI...
EUVD-2025-29751
Malicious code in bioql PyPI...