CVE-2026-44058 Authentication bypass via admin auth user

An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism...

CVE-2026-44058

CVE-2026-44058 affects Netatalk 2.2.2 through 4.4.2 and allows an authentication bypass via the admin auth user mechanism. Root cause described as an authentication bypass, enabling a remote attacker to authenticate as an arbitrary user. The issue is fixed in Netatalk 4.5.0. The CVSS v3.1 baselin...

PT-2026-42414

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.2.2 through 4.4.2 Description An authentication bypass allows a remote privileged user to authenticate as an arbitrary user through the admin auth user mechanism. Recommendations Update to version 4.5.0...

WordPress plugin LifePress 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CLEANSTART-2026-HX97842 Security fixes for CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-54410, CVE-2025-58181, CVE-2025-58190, CVE-2025-61727, CVE-2025-61729, CVE-2025-68121, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 2.2.2-r6, 2.3.2-r4, 2.4.4-r2, 2.5.0-r0, 2.5.0-r1

Multiple security vulnerabilities affect the openbao-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

Symlink Attack

Overview @backstage/plugin-scaffolder-backend is a The Backstage backend plugin that helps you create new things Affected versions of this package are vulnerable to Symlink Attack via multiple actions, including debug:log, fs:delete, and archive extraction. A user who create and execute Scaffolde...

CVE-2025-67543 WordPress Essential Widgets plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...

PT-2025-49919

Name of the Vulnerable Software and Affected Versions Catch Themes Essential Widgets versions through 2.2.2 Description A flaw exists in Catch Themes Essential Widgets that allows for Stored Cross-site Scripting XSS. This issue occurs due to improper neutralization of input during web page...

WordPress Dadevarzan WordPress Common Plugin <= 2.2.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Dadevarzan WordPress Common versions = 2.2.2...

PT-2025-35019

Name of the Vulnerable Software and Affected Versions: AutoWP versions through 2.2.2 Description: A missing authorization flaw exists in Neuralabz LTD AutoWP, allowing exploitation due to incorrectly configured access control security levels. Recommendations: AutoWP versions prior to 2.2.3 are...

AZL-60913 CVE-2025-2953 affecting package pytorch for versions less than 2.2.2-7

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnnmaxpool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

CVE-2022-43936

Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled...

CVE-2022-1941 affecting package pytorch for versions less than 2.2.2-2

CVE-2022-1941 affecting package pytorch for versions less than 2.2.2-2. A patched version of the package is available...

WordPress plugin WP Ajax Contact Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

PT-2024-14453 · Woo · Woocommerce Product Vendors

Name of the Vulnerable Software and Affected Versions: WooCommerce Product Vendors versions through 2.2.2 Description: A Missing Authorization issue affects the Woo WooCommerce Product Vendors. Recommendations: For versions through 2.2.2, update to a version later than 2.2.2 to resolve the issue...

PT-2024-3951 · Myoffice · Myoffice Sdk

Name of the Vulnerable Software and Affected Versions: New Cloud MyOffice SDK Collaborative Editing Server versions 2.2.2 through 2.8 Description: The issue is related to the implementation of the WOPI protocol in the MyOffice SDK, which lacks sufficient checking of incoming requests. This allows...

PT-2023-31082 · Oceanwp · Ocean Extra

Name of the Vulnerable Software and Affected Versions: Ocean Extra versions through 2.2.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability in OceanWP Ocean Extra. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...

10cartsharing (>=1.0.0 <=1.0.3), 1api (>=0.0.1 <=0.0.2) +7956 more potentially affected by CVE-2022-2421 via socket.io-parser (>=2.2.2 <=3.3.0)

socket.io-parser NPM version =2.2.2, =1.0.0, =0.0.1, =0.0.1, =0.1.0, =1.0.2, =1.0.1, =2.16.1, =1.0.0-RC.1, =0.1.0, =1.0.1, =1.0.3 and more Source cves: CVE-2022-2421 Source advisory: OSV:GHSA-QM95-PGCG-QQFQ...

accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +88 more potentially affected by CVE-2021-29551 via tensorflow (>=2.2.0 <=2.2.2)

tensorflow PYPI version =2.2.0, =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2021-29551 Source advisory: OSV:GHSA-VQW6-72R7-FGW7...