Lucene search

11 matches found

ATTACKERKB
added 2026/03/24 3:44 p.m. · 2 views

CVE-2026-33678

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, TaskAttachment.ReadOne queries attachments by ID only (WHERE id = ?), ignoring the task ID from the URL path. The permission check in CanRead validates access to the task specified in the URL, but ReadOne loads ...

CVSS 8.1 · AI score 5.8 · EPSS 0.00265
Exploits: 1 · References: 3 · Affected Software: 1
Vulnrichment
added 2026/03/24 3:18 p.m. · 4 views

CVE-2026-33473 Vikunja has TOTP Reuse During Validity Window

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

CVSS 5.7 · AI score 5.8 · EPSS 0.00258
Exploits: 1 · References: 3
Patchstack
added 2026/03/23 12:37 p.m. · 4 views

WordPress Gyan Elements plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Gyan Elements versions <= 2.2.1...

CVSS 7.1 · AI score 5.8 · EPSS 0.00175
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2026/02/04 12:0 a.m. · 6 views

PT-2026-5874

Name of the Vulnerable Software and Affected Versions: Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress versions through 2.2.0 Description: The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and...

CVSS 8.2 · AI score 5.8 · EPSS 0.00399
Exploits: 0 · References: 10
RedhatCVE
added 2026/01/09 9:16 a.m. · 2 views

CVE-2025-14112

The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menustyle' shortcode attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · AI score 6.1 · EPSS 0.00297
Exploits: 0 · References: 1
CNNVD
added 2025/12/30 12:0 a.m. · 2 views

WordPress plugin Import into Easy Property Listings Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is ...

CVSS 4.3 · AI score 5.7 · EPSS 0.0013
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-21691

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.4 · EPSS 0.01635
Exploits: 1 · References: 5
RedhatCVE
added 2025/09/24 6:30 p.m. · 2 views

CVE-2025-57987

Missing Authorization vulnerability in ThimPress WP Events Manager wp-events-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Events Manager: from n/a through <= 2.2.1...

CVSS 5.3 · AI score 5.9 · EPSS 0.00252
Exploits: 0 · References: 1
CNNVD
added 2024/12/12 12:0 a.m. · 0 views

WordPress plugin WP-Revive Adserver Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

CVSS 6.4 · AI score 7.8 · EPSS 0.00467
Exploits: 0 · References: 3
CNNVD
added 2024/01/05 12:0 a.m. · 2 views

QNAP Systems QuMagie SQL Injection Vulnerability

QNAP Systems QuMagie is a QTS photo management application from QNAP Systems. A SQL injection vulnerability exists in QNAP Systems QuMagie prior to version 2.2.1, which stems from the presence of a SQL injection vulnerability that could allow an authenticated user to inject malicious code over th...

CVSS 8.8 · AI score 7.8 · EPSS 0.005
Exploits: 0 · References: 2
Positive Technologies
added 2018/05/09 12:0 a.m. · 2 views

PT-2018-5676 · Mysql Server · Mysql Multi-Master Replication Manager

Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the MMM::Agent::Helpers::Network::send arp function, resulting in arbitrary comma...

CVSS 10 · AI score 9.6 · EPSS 0.05863
Exploits: 2 · References: 2