CVE-2026-27837

Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2) +58 more potentially affected by CVE-2025-68493 via com.opensymphony:xwork (>=2.0.4 <=2.1.3)

com.opensymphony:xwork MAVEN version =2.0.4, =1.2.1, =4.0.1, =0.9.2, =1.1.5, =1.3.3, =1.3.1, =2.0.5-incubating, =2.0.9, =2.0.11, =2.0.9, =2.0.9, =2.0.9, =2.1.6 - org.apache.struts:struts2-convention-plugin =2.1.6 and more Source cves: CVE-2025-68493 Source advisory: OSV:GHSA-QCFC-HMRC-59X7...

WordPress plugin CBX Bookmark & Favorite SQL注入漏洞

...

CVE-2025-68578

Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify: from n/a through = 2.0.4...

Linux Distros Unpatched Vulnerability : CVE-2024-40635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User...

PT-2025-15796 · WordPress · Ankit Singla Wordpress Spam Blocker

Name of the Vulnerable Software and Affected Versions: Ankit Singla WordPress Spam Blocker versions 2.0.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...

OESA-2025-1350 containerd security update

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

OESA-2025-1324 containerd security update

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

WordPress Divi Carousel Lite plugin <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets vulnerability discovered by Webbernaut in WordPress Plugin Divi Carousel Lite versions = 2.0.4...

PT-2025-4506 · Unknown · Simple Locator

Name of the Vulnerable Software and Affected Versions: Simple Locator versions n/a through 2.0.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS in NotFound Simple Locator...

PT-2024-37075 · Glpi · Tasklists

Name of the Vulnerable Software and Affected Versions: Tasklists versions prior to 2.0.4 Description: The issue is related to a blind SQL injection vulnerability. Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 are affected. Recommendations: For versions prior to 2.0.4, upda...

WordPress plugin The Authors List 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin...

CVE-2024-51586

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in BRAFT Elementary Addons allows Stored XSS.This issue affects Elementary Addons: from n/a through 2.0.4...

aaa-ml-datasets-course (=1.0.0), addownloader (>=0.2.3 <=0.2.12) +679 more potentially affected by CVE-2024-39705 via nltk (>=2.0.4 <=3.8.1)

nltk PYPI version =2.0.4, =0.2.3, =0.2.0, =0.0.1, =0.1.0, =0.0.9, =0.17.0, =0.0.1rc1, =0.1.0, =6.1.0, =6.1.4 and more Source cves: CVE-2024-39705 Source advisory: OSV:PYSEC-2024-167...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +80 more potentially affected by CVE-2023-25662 via tensorflow-gpu (>=1.10.1 <=2.0.4)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.2, =0.6.7, =0.1.2, =0.1.0, =0.1.2 - dragonn =0.4.2 and more Source cves: CVE-2023-25662 Source advisory: OSV:GHSA-7JVM-XXMR-V5CW...

CVE-2022-4743

A potential memory leak issue was discovered in SDL2 in GLESCreateTexture function in SDLrendergles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected...

react-native-url-preview (=1.1.9), react-native-url-preview-tgp (=1.1.9) +1 more potentially affected by CVE-2022-25876 via link-preview-js (>=2.0.4 <=2.1.13)

link-preview-js NPM version =2.0.4, =2.1.4, =2.2.0 Source cves: CVE-2022-25876 Source advisory: SNYK:JS-LINKPREVIEWJS-2933520...

GHSA-H7MF-QRM9-2848 OpenSymphony XWork vulnerable to improper input validation

XWork is an command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language OGNL expression...

CVE-2022-0841

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4...

ai.onehouse:lakeview-sync-tool (>=0.18.5 <=0.28.0), com.alibaba.hbase:alihbase-connector (>=2.0.29.2 <=2.1.2.2) +208 more potentially affected by CVE-2020-9492 via org.apache.hadoop:hadoop-common (>=2.0.4-alpha <=2.10.0)

org.apache.hadoop:hadoop-common MAVEN version =2.0.4-alpha, =0.18.5, =2.0.29.2, =0.3.0, =0.3.0, =2.10.6.9, =3.0.0, =3.0.0, =0.24.0, =0.24.0, =0.24.0, =0.24.0, =0.19.3, =0.19.3, =0.24.0, =0.24.0, =0.25.0 and more Source cves: CVE-2020-9492 Source advisory: OSV:GHSA-F8VC-WFC8-HXQH...