15 matches found
CVE-2026-35443
NamelessMC (website software for Minecraft servers) is affected in version 2.2.4. The vulnerability lies in modules/Forum/classes/ForumPostReactionContext.php, where topic-level view_other_topics authorization is not re-enforced, allowing reactions on other users’ topics to be read and modified. ...
CVE-2025-64290
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery. This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4...
PT-2025-44265
Name of the Vulnerable Software and Affected Versions: Premmerce Product Search for WooCommerce versions through 2.2.4 Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting (XSS) issue. This specific instance...
CVE-2025-48362
Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through <= 2.2.5...
Linux Distros Unpatched Vulnerability : CVE-2024-52046
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ObjectSerializationDecoder in Apache MINA uses Java's native deserialization protocol to process incoming serialized data but lacks the necessary security...
CVE-2024-1277
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to...
CVE-2024-53718
Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader multi-feed-reader allows Stored XSS. This issue affects Multi Feed Reader: from n/a through <= 2.2.4...
PT-2025-1761 · WordPress · Wp Job Portal
Name of the Vulnerable Software and Affected Versions: WP Job Portal – A Complete Recruitment System plugin for WordPress versions up to, and including, 2.2.4 Description: The WP Job Portal plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing validation on a user...
DEBIAN-CVE-2024-52046
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...
CVE-2024-43260
Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clearfy Cache: from n/a through 2.2.4...
PT-2024-23124 · Cosign +1 · Cosign +1
Name of the Vulnerable Software and Affected Versions: Cosign versions prior to 2.2.4 Description: Cosign provides code signing and transparency for containers and binaries. Maliciously-crafted software artifacts can cause denial of service of the machine running Cosign, thereby impacting all...
PT-2023-29338 · WordPress · Wp Doctor Woocommerce Login Redirect
Name of the Vulnerable Software and Affected Versions: WP Doctor WooCommerce Login Redirect plugin versions = 2.2.4 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...
PYSEC-2022-263
In Apache Airflow versions 2.2.4 through 2.3.3, the database webserver session backend was susceptible to session fixation...
PT-2022-24176 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.2.4 through 2.3.3 Description: The issue concerns the database webserver session backend, which was susceptible to session fixation. This means an attacker could potentially fixate a session ID on a user's browser,...
ATutor cross-site scripting vulnerability (CNVD-2019-03592)
ATutor is an open source Web-based learning content management system (LCMS) developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A cross-site scripting vulnerability exists in ATutor 2.2.4 and earlier versions. A remote attacker can...