25 matches found
EUVD-2026-15592
Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection. This issue affects Organici Library: from n/a through <= 2.1.2...
CVE-2026-23977
CVE-2026-23977 concerns the WordPress plugin WPFactory Helpdesk Support Ticket System for WooCommerce (up to and including version 2.1.2). The issue is a Broken Access Control vulnerability caused by incorrectly configured access control security levels, allowing unauthorized access. Public data ...
WordPress plugin Payment Gateway Authorize.Net CIM for WooCommerce has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-68994
Missing Authorization vulnerability in XforWooCommerce Product Loops for WooCommerce product-loops allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Loops for WooCommerce: from n/a through <= 2.1.2...
PT-2025-51418
Name of the Vulnerable Software and Affected Versions: etruel WP Views Counter versions through 2.1.2. Description: An issue exists in etruel WP Views Counter where incorrectly configured access control security levels can be exploited, leading to a missing authorization condition. Recommendations...
langgraph code issue vulnerability
langgraph is a large modeling framework open-sourced by LangChain. A code issue vulnerability exists in langgraph version 2.1.2 and below, which stems from a remote code execution vulnerability in JsonPlusSerializer when deserializing payloads saved in json mode...
WordPress Getwid Plugin <= 2.1.2 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by MD ISMAIL in WordPress Plugin Getwid versions <= 2.1.2...
CVE-2023-34168
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection. This issue affects WP Report Post: from n/a through 2.1.2...
AZL-57450 CVE-2025-22868 affecting package blobfuse2 for versions less than 2.1.2-8
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
CVE-2025-23959
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linus Lundahl Good Old Gallery good-old-gallery allows Reflected XSS. This issue affects Good Old Gallery: from n/a through <= 2.1.2...
PT-2024-29968 · Github · Actions/Artifact
Name of the Vulnerable Software and Affected Versions: actions/artifact versions 2.0.0 through 2.1.1; actions/artifact versions 2.1.2 through 2.1.6. Description: The issue concerns arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for...
CVE-2022-4539
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the...
WordPress Seo Optimized Images Plugin 2.1.2 is vulnerable to Backdoor
Software: Seo Optimized Images; Type: Plugin; Vulnerable versions: 2.1.2; Fixed in: 2.1.4; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High (10); PSID: 88a9e93519c2; Credits: WordFence; Required privilege: Unauthenticated...
PT-2024-24009 · Elex · Elex Woocommerce Dynamic Pricing/Discounts
Name of the Vulnerable Software and Affected Versions: ELEX WooCommerce Dynamic Pricing and Discounts versions 2.1.2 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue affects the software, which could potentially allow unauthorized actions to be performed on behalf of a user...
abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +150 more potentially affected by CVE-2022-31777 via pyspark (>=2.1.2 <=3.2.1)
pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.5.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 - bigdl-chronos-spark3 =2.0.0 and more Source cves: CVE-2022-31777 Source advisory: OSV:GHSA-43XG-8WMJ-CW8H...
aicns-raw-data-loader (=0.1.0), aicns-univariate-analyzer (>=0.5.1 <=0.8.1) +85 more potentially affected by CVE-2022-33891 via pyspark (>=2.1.2 <=3.0.3)
pyspark PYPI version =2.1.2, =0.5.1, =0.2.0, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =0.14.0b20211027, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.5.0b20240324 and more Source cves: CVE-2022-33891 Source advisory: OSV:PYSEC-2022-236...
PYSEC-2020-284
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling tf.raw_ops.GetSessionHandle or tf.raw_ops.GetSessionHandleV2 results in a null pointer dereference. In linked snippet, in eager mode, ctx->session_state() returns nullptr. Since...
PYSEC-2020-113
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.raw_ops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. Howeve...
PYSEC-2020-132
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one...
PYSEC-2020-270
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.raw_ops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. Howeve...