19 matches found
CVE-2026-1115 Stored XSS in parisneo/lollms
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...
SUSE CVE-2026-33474
Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and prior to version 2.2.0, unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. Version...
Vikunja security vulnerability
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from defects in the password reset logic, which could allow disabled users to re-activate their accounts and bypass...
Formwork cross-site scripting vulnerability
Formwork is an open-source, flat-file-based content management system (CMS). It is used to build and manage simple websites. A cross-site scripting vulnerability exists in Formwork versions prior to 2.2.0, which stems from unsanitized input in the blog tag field that could lead to a stored...
EUVD-2025-25045
Malicious code in bioql PyPI...
CVE-2025-8996
Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing. This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...
CVE-2025-8996
Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing. This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...
CVE-2025-8996 Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097
Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing. This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...
CVE-2025-8996 Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097
Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing. This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...
CosmWasm security vulnerability
CosmWasm is an open-source framework for building smart contracts in Wasm for the Cosmos SDK. A security vulnerability exists in CosmWasm versions prior to v2.2.0, which stems from a lack of runtime capability validation, and allows an attacker to deploy contracts and perform unauthorized...
Intel QuickAssist Technology buffer error vulnerability
Intel QuickAssist Technology is an Intel technology that improves server utilization. The technology improves server efficiency by sharing the load of compute-intensive tasks to balance pressure on the server. A buffer error vulnerability exists in Intel QuickAssist Technology versions prior to 2.2.0...
PT-2024-35226 · WordPress · Wp Job Portal
Name of the Vulnerable Software and Affected Versions: WP Job Portal versions prior to 2.2.0. Description: The issue is related to improper neutralization of input during web page generation, leading to a Stored XSS (Cross-site Scripting) vulnerability. This allows for the storage of malicious scrip...
SUSE CVE-2024-31584
PyTorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbufferloader.cpp...
CVE-2023-47877
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS. This issue affects Perfmatters: from n/a before 2.2.0...
PT-2023-13347 · Intel · Intel Battery Life Diagnostic Tool
Name of the Vulnerable Software and Affected Versions: Intel(R) Battery Life Diagnostic Tool versions prior to 2.2.0. Description: The issue is related to improper initialization in the software, which may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2022-4487
The Easy Accordion WordPress plugin before 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...
PT-2023-14562 · WordPress · Easy Accordion
Name of the Vulnerable Software and Affected Versions: Easy Accordion WordPress plugin versions prior to 2.2.0. Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. Thi...
Mattermost Server exposes information stored by a web browser
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser...
UBUNTU-CVE-2016-8628
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...