Lucene search

18 matches found

vulnersOsv
added 2026/05/18 9:0 p.m. · 8 views

@appthen/x6-plugins (=0.1.4), @arch-diagram/core (>=0.0.1 <=0.0.2) +50 more potentially affected by unknown CVE via @antv/x6-plugin-stencil (>=2.0.2 <=2.1.5)

@antv/x6-plugin-stencil NPM version =2.0.2, =0.0.1, =0.0.2, =0.0.3, =0.0.1, =0.0.3, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.17 - @xrhcc-flow/busiflow =1.0.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVX6PLUGINSTENCIL-16754383...

5.5 AI score
Exploits 0
CNNVD
added 2026/05/08 12:0 a.m. · 7 views

zrok Path Traversal Vulnerability

Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.2 contained a path traversal vulnerability. This vulnerability stemmed from the WebDAV driver’s backend, which restricted path traversal through lexical normalization but did not prevent symbolic links fro...

8.7 CVSS · 5.8 AI score · 0.0033 EPSS
Exploits 0 · References 1
CNNVD
added 2026/03/16 12:0 a.m. · 3 views

Vanna SQL Injection Vulnerability

Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier had an SQL injection vulnerability. This vulnerability stemmed from improper handling of the parameter ID in the function removetrainingdata located in the file src/vanna/legacy/google/bigqueryvector.py. An S...

7.5 CVSS · 7.1 AI score · 0.00254 EPSS
Exploits 0 · References 4
Vulnrichment
added 2026/01/22 4:51 p.m. · 1 views

CVE-2025-66141 WordPress Scroller plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Scroller: from n/a through <= 2.0.2...

5.4 CVSS · 5.9 AI score · 0.00245 EPSS
Exploits 0 · References 1
Cvelist
added 2025/09/05 1:45 p.m. · 8 views

CVE-2025-58815 WordPress Aitasi Coming Soon Plugin <= 2.0.2 - Deserialization of untrusted data Vulnerability

Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection. This issue affects Aitasi Coming Soon: from n/a through <= 2.0.2...

7.2 CVSS · 0.00436 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:29 a.m. · 11 views

CVE-2024-42606

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/adminlog.php?clear=1...

8.8 CVSS · 7.5 AI score · 0.00201 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 10:29 a.m. · 6 views

CVE-2024-42604

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admingroup.php?mode=deleteid=3...

8.8 CVSS · 7.5 AI score · 0.00279 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 4:50 a.m. · 5 views

CVE-2023-37981

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube Authors List plugin = 2.0.2 versions...

7.1 CVSS · 5.9 AI score · 0.00331 EPSS
Exploits 0
Vulnrichment
added 2025/04/17 3:47 p.m. · 8 views

CVE-2025-32626 WordPress JS Job Manager plugin <= 2.0.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Job Manager allows SQL Injection. This issue affects JS Job Manager: from n/a through 2.0.2...

9.3 CVSS · 7.6 AI score · 0.00409 EPSS
Exploits 0 · References 1
CVE
added 2025/01/07 6:0 a.m. · 47 views

CVE-2024-11606

CVE-2024-11606 : The Tabs Shortcode WordPress plugin (affected until version 2.0.2) does not validate or escape certain shortcode attributes before echoing them in the rendered page. This can permit users with the contributor role or higher to trigger a Stored Cross-Site Scripting (XSS) vulnerabi...

5.3 CVSS · 5.6 AI score · 0.00473 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2025/01/07 12:0 a.m. · 2 views

PT-2025-1747 · Unknown · Ars Affiliate Page Plugin

Name of the Vulnerable Software and Affected Versions: ARS Affiliate Page Plugin versions up to, and including, 2.0.2 Description: The issue is related to Reflected Cross-Site Scripting via the utm keyword parameter due to insufficient input sanitization and output escaping. This allows...

6.1 CVSS · 6.9 AI score · 0.0034 EPSS
Exploits 0 · References 6
CNVD
added 2024/08/23 12:0 a.m. · 5 views

Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37622)

Kliqqi CMS (Pligg CMS) is an open source content management system from Kliqqi. Kliqqi CMS v2.0.2 contains a cross-site request forgery vulnerability, which stems from /admin/domainmanagement.php?id=0&list=whitelist&remove=pligg.com not adequately verifying whether the request is from ...

8.8 CVSS · 6.5 AI score · 0.00246 EPSS
Exploits 1 · References 1
CNVD
added 2024/08/23 12:0 a.m. · 8 views

Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37617)

Kliqqi CMS (Pligg CMS) is an open source content management system from Kliqqi. Kliqqi CMS v2.0.2 contains a cross-site request forgery vulnerability, which stems from /admin/admineditor.php not adequately verifying whether the request is from a trusted user; an attacker can use this...

8.8 CVSS · 6.7 AI score · 0.00279 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/08/20 12:0 a.m. · 3 views

PT-2024-30067 · Pligg Cms · Pligg Cms

Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. It can be exploited via the /admin/admin widgets.php endpoint with specific parameters: action=remove and widget=Statistics. This...

8.8 CVSS · 6.8 AI score · 0.00279 EPSS
Exploits 1 · References 6
CNNVD
added 2024/03/01 12:0 a.m. · 1 views

HelpDeskZ Cross-Site Scripting Vulnerability

HelpDeskZ is free PHP-based software for managing a site's support through a web-based support ticket system. A cross-site scripting vulnerability exists in HelpDeskZ 2.0.2 and prior versions, which stems from the presence of a cross-site scripting (XSS)...

6.1 CVSS · 5.7 AI score · 0.00292 EPSS
Exploits 0 · References 2
CNNVD
added 2023/07/25 12:0 a.m. · 4 views

Johnson Controls IQ Wifi 6 Security Vulnerability

Johnson Controls IQ Wifi 6 is a series of WiFi devices from Johnson Controls, Inc. A security vulnerability previously existed in Johnson Controls IQ Wifi 6 version 2.0.2, which stemmed from a brute force authentication attack that could be used by an unauthorized user to gain access to an accoun...

9.8 CVSS · 8.4 AI score · 0.00447 EPSS
Exploits 0 · References 3
CNNVD
added 2023/03/13 12:0 a.m. · 13 views

bumsys Security Vulnerability

bumsys is an open source project called Business Management System by unilogies individual developers. A security vulnerability exists in unilogies bumsys versions prior to v2.0.2, which stems from an improper restriction in the UI layer or framework in which the software is rendered...

8.4 CVSS · 7 AI score · 0.01411 EPSS
Exploits 1 · References 3
CNNVD
added 2022/05/25 12:0 a.m. · 7 views

HashiCorp go-getter Input Validation Error Vulnerability

HashiCorp go-getter is a Go (golang) library from HashiCorp for downloading files or directories from various sources using URLs as the primary form of input. An input validation error vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the inability to...

8.6 CVSS · 6.9 AI score · 0.01279 EPSS
Exploits 0 · References 22