17 matches found
CVE-2026-35443
NamelessMC (website software for Minecraft servers) is affected in version 2.2.4. The vulnerability lies in modules/Forum/classes/ForumPostReactionContext.php, where topic-level view_other_topics authorization is not re-enforced, allowing reactions on other users’ topics to be read and modified. ...
EUVD-2026-32182
Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Checkout Files Upload for WooCommerce: from n/a through =...
CVE-2026-44059
A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...
EUVD-2026-31233
A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...
WordPress Gallery Custom Links Plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by NumeX in WordPress Plugin Gallery Custom Links versions <= 2.2.5...
WordPress Genealogical Tree plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Genealogical Tree versions <= 2.2.6...
PT-2025-5574 · Snowflake · Snowflake Connector For Python
Name of the Vulnerable Software and Affected Versions: Snowflake Connector for Python versions 2.2.5 through 3.13.0 Description: A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This issue arises because the function does not sanitize all of its argument...
WordPress plugin Wp Ultimate Review security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-24771 · Unknown · Wp Ultimate Review
Name of the Vulnerable Software and Affected Versions: Wp Ultimate Review versions 2.2.5 and earlier Description: The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability, allowing functionality bypass in Wpmet Wp Ultimate Review. Recommendations: For versions 2.2.5...
PT-2024-24770 · Unknown · Wp Ultimate Review
Name of the Vulnerable Software and Affected Versions: Wp Ultimate Review versions 2.2.5 and earlier Description: A Missing Authorization issue affects the specified software. Recommendations: For versions 2.2.5 and earlier, update to a version that contains a fix for this issue, if available. At...
PT-2024-24769 · WordPress · Wp Ultimate Review
Name of the Vulnerable Software and Affected Versions: Wp Ultimate Review versions 2.2.5 and earlier Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. Recommendations: For versions 2.2.5 and...
Authentication flaw
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlisted_content_type? determines Content-Type permissions by performing a partial match. If the...
PT-2023-29485 · Openmct · Openmct
Name of the Vulnerable Software and Affected Versions: openmct versions 2.2.5 through 3.1.0 Description: The issue concerns a prototype pollution that can occur via an import action. Recommendations: For openmct versions 2.2.5 through 3.1.0, update to version 3.1.0 or later to resolve the issue...
PT-2023-29177 · WordPress · The Awesome Feed – Custom Feed
Name of the Vulnerable Software and Affected Versions: The Awesome Feed – Custom Feed plugin versions 2.2.5 and earlier Description: A Stored Cross-Site Scripting (XSS) vulnerability exists, allowing authenticated contributors to inject malicious scripts. Recommendations: For versions 2.2.5 and...
SUSE CVE-2023-30861
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
Silverstripe Form Capture vulnerable to stored cross-site-scripting
Impact: Improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack. Patches: The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge...
acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.9.2.1rc2), airflow-add-ons (>=0.2.9b1 <=0.2.9b2) +11 more potentially affected by CVE-2022-38054 via apache-airflow (>=2.2.5 <=2.3.4)
apache-airflow PYPI version =2.2.5, =0.8.44.4, =0.2.9b1, =0.8.0, =0.2.0, =0.0.3, =0.0.6, =0.0.1, =0.1.0, =0.4.0, =0.8.3, =0.2.35, =0.1.0, =0.10.0.1 Source cves: CVE-2022-38054 Source advisory: OSV:PYSEC-2022-263...