CVE-2026-39702

The CVE-2026-39702 entry relates to Wealcoder Animation Addons for Elementor. All connected sources describe a DOM-Based Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation, affecting Animation Addons for Elementor up to and including versio...

SUSE CVE-2025-61659

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...

CVE-2025-61659

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...

CVE-2020-11841

Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure...

CVE-2025-23755

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tosend.it PAFacile pafacile allows Reflected XSS.This issue affects PAFacile: from n/a through = 2.6.1...

Zoraxy 操作系统命令注入漏洞

Zoraxy is a general-purpose HTTP reverse proxy and forwarding tool from the individual developer Toby Chui. An operating system command injection vulnerability exists in Zoraxy versions 2.6.1 through 3.1.2 that originates from allowing an authenticated attacker to execute arbitrary commands as ro...

PT-2024-32704 · Unknown · Payflex Payment Gateway

Name of the Vulnerable Software and Affected Versions: Payflex Payment Gateway versions through 2.6.1 Description: The issue is an 'Open Redirect' vulnerability, which allows URL redirection to untrusted sites. This vulnerability affects Payflex Payment Gateway. Recommendations: For Payflex Payme...

WordPress Custom Field Template plugin <= 2.6.1 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Sh in WordPress Plugin Custom Field Template versions = 2.6.1...

CVE-2023-47853

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a...

CVE-2021-41220

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

PYSEC-2021-629

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

PYSEC-2021-822

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

CVE-2021-41223

TensorFlow is an open source platform for machine learning. In affected versions the implementation of FusedBatchNorm kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow...

websvn 操作系统命令注入漏洞

websvn is a software application. An online Subversion repository viewer. A security vulnerability exists in WebSVN versions prior to 2.6.1 that allows remote attackers to execute arbitrary commands via shell metacharacters in search parameters...

CVE-2020-11841

Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure...

GHSA-99QR-9CC9-FV2X Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...

PT-2006-2108 · Game Panel · Game-Panel

Name of the Vulnerable Software and Affected Versions: Game-Panel versions 2.6.1 and earlier Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the message parameter in the login.php file. This may require a URL encoded value...