41 matches found
EUVD-2026-39754
Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...
CVE-2026-48877 WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in multer-2.0.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerabilities in multer-2.0.2.tgz Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of...
Improper Verification of Cryptographic Signature
Overview @stablelib/ed25519 is an Ed25519 public-key signature EdDSA with Curve25519 Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the verify function. An attacker can generate a second distinct valid signature for the same message withou...
CVE-2026-27406 WordPress My Tickets plugin <= 2.1.0 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data.This issue affects My Tickets: from n/a through = 2.1.0...
CVE-2026-3304 Multer vulnerable to Denial of Service via incomplete cleanup
Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service DoS by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch...
CVE-2026-2359
Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service DoS by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to...
CVE-2026-24617 WordPress Easy Modal plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Easy Modal easy-modal allows Stored XSS.This issue affects Easy Modal: from n/a through = 2.1.0...
PT-2026-4389
Name of the Vulnerable Software and Affected Versions WP Term Order versions through 2.1.0 Description A Cross-Site Request Forgery CSRF issue exists in WP Term Order. This allows attackers to perform actions on behalf of authenticated users without their knowledge. Recommendations Update WP Term...
CVE-2025-1722
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...
CVE-2025-1719 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...
WordPress Easy Modal plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Doan Dinh Van in WordPress Plugin Easy Modal versions = 2.1.0...
CVE-2025-22509
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion.This issue affects Atlas: from n/a through = 2.1.0...
PT-2025-53582
Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description The software potentially allows a remote attacker to access sensitive information stored in memory due to insufficient clearing of heap memory. Recommendations Update to a version later than...
CVE-2025-64257
Missing Authorization vulnerability in Joe Dolson My Tickets my-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Tickets: from n/a through = 2.1.0...
PT-2025-38258
Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description Dragonfly, an open source P2P-based file distribution and image acceleration system, disables TLS certificate verification in its HTTP clients. These clients are not configurable, preventing users...
PT-2025-38273
Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description Dragonfly2 uses the MD5 hash function for downloaded files, which does not provide collision resistance. This allows attackers to replace files with malicious ones that have a colliding hash. An...
GHSA-98V7-XXXV-HCRH Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
CVE-2023-6069
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0...
CVE-2023-2228
Cross-Site Request Forgery CSRF in GitHub repository modoboa/modoboa prior to 2.1.0...