
37 matches found

NVD
added 2026/06/19 2:16 p.m. · 10 views

CVE-2026-39999

Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...

9.1 CVSS · 0.00386 EPSS
Exploits 0 · References 2
RedhatCVE
added 2026/06/05 7:42 p.m. · 8 views

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4 CVSS · 5.5 AI score · 0.00166 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/06/05 7:21 p.m. · 9 views

CVE-2026-41554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1 CVSS · 5.4 AI score · 0.00142 EPSS
Exploits 0 · References 1
CNNVD
added 2026/05/08 12:0 a.m. · 11 views

Gitroom Postiz cross-site scripting vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.21.6 to 2.21.7 contained a cross-site scripting vulnerability. This vulnerability allowed any authenticated user to store arbitrary HTML in post content by manipulating saved...

9 CVSS · 5.8 AI score · 0.00258 EPSS
Exploits 0 · References 2
CNNVD
added 2026/04/30 12:0 a.m. · 8 views

IBM Watsonx.data security vulnerability

IBM Watsonx.data is an open data lake platform developed by IBM. Versions 2.2 to 2.3 of IBM Watsonx.data contain security vulnerabilities. These vulnerabilities stem from insufficient restrictions on communication between Pods, allowing attackers to transfer data between Pods without any...

7.5 CVSS · 5.8 AI score · 0.00186 EPSS
Exploits 0 · References 1
Patchstack
added 2026/04/08 11:31 a.m. · 2 views

WordPress Malmö theme <= 2.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Malmö versions <= 2.2...

5.8 AI score · 0.00338 EPSS
Exploits 0 · Affected Software 1
ATTACKERKB
added 2026/04/02 4:41 p.m. · 5 views

CVE-2026-34230

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.select_best_encoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

5.3 CVSS · 5.7 AI score · 0.0043 EPSS
Exploits 0 · References 2 · Affected Software 1
NVD
added 2026/03/13 7:55 p.m. · 6 views

CVE-2026-32425

Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment Gateway Pix For GiveWP: from n/a through <= 2.2.3...

5.3 CVSS · 0.00214 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/01/23 9:15 p.m. · 4 views

CVE-2025-48094

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Magic Slider magicslider allows Reflected XSS. This issue affects Magic Slider: from n/a through <= 2.2...

7.1 CVSS · 5.6 AI score · 0.00237 EPSS
Exploits 0 · References 1
NVD
added 2026/01/07 12:16 p.m. · 3 views

CVE-2025-14112

The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menustyle' shortcode attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS · 0.00297 EPSS
Exploits 0 · References 4
EUVD
added 2025/12/09 12:31 a.m. · 3 views

EUVD-2025-201829

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...

6.5 CVSS · 5.9 AI score · 0.00245 EPSS
Exploits 0 · References 2
CVE
added 2025/12/08 10:11 p.m. · 8 views

CVE-2025-36140

CVE-2025-36140 affects IBM watsonx.data versions 2.2–2.2.1. An authenticated user can cause a denial of service in ingestion pods due to improper allocation of resources without limits. Remediation: upgrade to watsonx.data 2.2.2 or move to CPD 5.2.2 as per IBM bulletin. The vulnerability details ...

6.5 CVSS · 5.9 AI score · 0.00245 EPSS
Exploits 0 · References 1 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-31675

Malicious code in bioql PyPI...

6.4 CVSS · 6.6 AI score · 0.00216 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/05/23 8:23 a.m. · 5 views

CVE-2024-1855

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpccheckforsubmission function. This makes it possible for unauthenticated...

5.3 CVSS · 5.9 AI score · 0.00436 EPSS
Exploits 0 · References 1
CNNVD
added 2025/04/09 12:0 a.m. · 1 views

HAProxy security vulnerability

HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy. The server provides layer 4 and layer 7 proxying and can support tens of thousands of concurrent connections with high efficiency and stability. A security vulnerability exists in HAProxy versions 2.2 through 3.1....

6.8 CVSS · 5.9 AI score · 0.00685 EPSS
Exploits 0 · References 1
Patchstack
added 2025/03/22 3:37 p.m. · 3 views

WordPress Are you robot google recaptcha for Wordpress plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Are you robot google recaptcha for wordpress versions <= 2.2...

7.1 CVSS · 7.7 AI score · 0.00294 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2025/02/18 9:53 a.m. · 12 views

WordPress Wonder Video Embed plugin <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Wonder Video Embed versions <= 2.2...

6.4 CVSS · 5.8 AI score · 0.00252 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/12/18 12:0 a.m. · 5 views

PT-2024-35326 · WordPress · Wp Menu Image

Name of the Vulnerable Software and Affected Versions: WP Menu Image versions through 2.2 Description: The issue is related to a Missing Authorization vulnerability in WP Menu Image, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions throu...

6.5 CVSS · 9.5 AI score · 0.00333 EPSS
Exploits 0 · References 4
Patchstack
added 2024/09/09 12:37 a.m. · 3 views

WordPress Preloader Plus – WordPress Loading Screen Plugin plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Preloader Plus - Wordpress Loading Screen Plugin versions <= 2.2.1...

6.4 CVSS · 5.8 AI score · 0.00286 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/04/18 12:0 a.m. · 4 views

WordPress Plugin EnvíaloSimple cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin EnvíaloSimple: Email...

7.1 CVSS · 5.9 AI score · 0.00288 EPSS
Exploits 0 · References 2