EUVD-2026-31862

Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known...

CVE-2026-1116

A Cross-site Scripting XSS vulnerability was identified in the fromdict method of the AppLollmsMessage class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the content field when deserializing user-provided data. This allows a...

PT-2026-30816

Name of the Vulnerable Software and Affected Versions Checkmk versions 2.2.0 EOL, 2.3.0 through 2.3.0p45, 2.4.0 through 2.4.0p24, and 2.5.0 beta through 2.5.0b2 Description Insufficient sanitization of dashboard dashlet title links allows an attacker with dashboard creation privileges to perform...

SUSE CVE-2026-33313

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, an authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to...

CVE-2026-2976

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions...

CVE-2022-0527

Cross-site Scripting XSS - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0...

CVE-2025-52792 WordPress WP User Stylesheet Switcher plugin <= v2.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in vgstef WP User Stylesheet Switcher wp-user-stylesheet-switcher allows Stored XSS.This issue affects WP User Stylesheet Switcher: from n/a through = v2.2.0...

CVE-2023-28535

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Paytm Paytm Payment Donation plugin = 2.2.0 versions...

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

Intel QuickAssist Technology 输入验证错误漏洞

Intel QuickAssist Technology is an Intel technology that improves server utilization. The technology improves server efficiency by sharing the stress of compute-intensive tasks to equalize server pressure. An input validation error vulnerability exists in Intel QuickAssist Technology versions pri...

bumsys 跨站脚本漏洞

bumsys is an open source project called Business Management System by unilogies individual developers. A cross-site scripting vulnerability exists in versions of bumsys prior to 2.2.0, which stems from a stored cross-site scripting XSS vulnerability...

Teradici Management Console 安全漏洞

Teradici Management Console is a management console from Teradici Canada Inc. It enables IT administrators to easily manage, monitor and scale PCoIP Zero Clients and Remote Workstation Cards in their deployments. A security vulnerability exists in Teradici Management Console version 2.2.0 that...

aimmo (>=0.61.9 <=1.4.11), ambition-edc (>=0.3.68 <=0.3.72) +75 more potentially affected by CVE-2022-28347 via django (>=2.2.0 <=2.2.27)

django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2022-28347 Source advisory: OSV:GHSA-W24H-V9QH-8GXJ...

Gila CMS Cross-Site Scripting Vulnerability (CNVD-2021-84281)

Gila CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in Gila CMS version 2.2.0, which can be used by an attacker to steal cookies, passwords, or run arbitrary code on a victim's browser...

JerryScript heap buffer overflow vulnerability (CNVD-2021-42990)

JerryScript is a lightweight JavaScript engine . A heap buffer overflow vulnerability exists in litreadcodeunitfromutf8 in lit-strings.c:431 in JerryScript version 2.2.0. No details of the vulnerability are provided at this time...

Unspecified vulnerability in JerryScript (CNVD-2021-42987)

JerryScript is a lightweight JavaScript engine . A security vulnerability exists in parserparsestatements in js-parser-statm.c:2756 in JerryScript version 2.2.0. No details of the vulnerability are provided at this time...

accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +82 more potentially affected by CVE-2020-15206 via tensorflow (=2.2.0)

tensorflow PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - accuinsight =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2020-15206 Source advisory...

PT-2020-15584

Name of the Vulnerable Software and Affected Versions: xxl-job version 2.2.0 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the AppName and AddressList parameters in the...