36 matches found
CVE-2026-46419
Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...
CVE-2026-40075 OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Tuzitio Camaleon_Cms
CVE-2024-46987 — Camaleon CMS Arbitrary Path Traversal Fo...
cn.datask:dat-adapter-duckdb (>=0.6.1 <=0.7.1), cn.datask:dat-adapter-mysql (>=0.6.1 <=0.7.1) +158 more potentially affected by CVE-2026-25526 via com.hubspot.jinjava:jinjava (>=2.8.0 <=2.8.2)
com.hubspot.jinjava:jinjava MAVEN version =2.8.0, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.7.0, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.7.1 and more Source cves: CVE-2026-25526 Source advisory: SNYK:JAVA-COMHUBSPOTJINJAVA-15189006...
WordPress plugin “Link Invoice Payment for WooCommerce” has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
EUVD-2022-0325
Malicious code in bioql PyPI...
EUVD-2022-0338
Malicious code in bioql PyPI...
WordPress Auto Bulb Finder for WordPress plugin <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Auto Bulb Finder for WordPress versions <= 2.8.0...
webfinger.js code issue vulnerability
webfinger.js is a client-side library for querying WebFinger records by the individual developer Nick Jennings. A code issue vulnerability exists in webfinger.js version 2.8.0 and earlier, which stems from not blocking localhost access and could lead to a blind SSRF attack...
CVE-2025-1774
CVE-2025-1774 is a string-encoding vulnerability in NASK - PIB BotSense where an additional field separator character or value can be injected into generated events’ extraData. Affected versions are BotSense before 2.8.0. Root cause: incorrect string encoding that allows extra separators/values t...
Jenkins plugin Eiffel Broadcaster security vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
CVE-2024-51791
Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through 2.8.0...
BIT-AIRFLOW-2024-28746 Apache Airflow: Ignored Airflow Permissions
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to...
GHSA-H574-6646-VFXX Apache Airflow: Ignored Airflow Permission
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to...
WordPress Plugin TNC PDF viewer Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up a personal blog site on a PHP and MySQL server. WordPress plugin is an application plug-in. A cross-site scripting vulnerability...
BIT-TENSORFLOW-2022-23573 Uninitialized variable access in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of AssignOp can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized to minimize number of...
PT-2024-14468 · Unknown · Html5 Mp3 Player With Folder Feedburner Playlist
Name of the Vulnerable Software and Affected Versions: HTML5 MP3 Player with Folder Feedburner Playlist Free versions through 2.8.0 Description: The issue is related to the deserialization of untrusted data, which can lead to potential security risks. There is no information provided about the...
PT-2023-21136 · Makestories Team · Makestories
Name of the Vulnerable Software and Affected Versions: MakeStories Team MakeStories for Google Web Stories plugin versions = 2.8.0 Description: A Cross-Site Request Forgery CSRF issue affects the MakeStories Team MakeStories plugin. This type of issue allows an attacker to trick a user into...
PT-2023-6139 · Raspap · Raspap
Name of the Vulnerable Software and Affected Versions: RaspAP versions 2.8.0 through 2.9.2 Description: The issue is related to a command injection vulnerability. It allows an authenticated attacker to execute arbitrary OS commands as root via the entity POST parameters in the /ajax/networking/ge...
PT-2022-22959 · Frauscher Sensortechnik Gmbh · Fds102
Name of the Vulnerable Software and Affected Versions: Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 versions 2.8.0 through 2.9.1 Description: The issue allows malicious code upload without authentication by using the configuration upload function, which could lead to a complete...