10 matches found
CVE-2026-54133 jmespath.php has CompilerRuntime code injection via unescaped function names
jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...
CVE-2026-25460
Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through = 2.9.1...
CVE-2026-0677
CVE-2026-0677 concerns the WordPress plugin TotalContest Lite (
WordPress Beaver Builder Plugin (Starter Version) plugin <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Tom Broucke - Otomaties in WordPress Plugin Beaver Builder Plugin Starter Version versions = 2.9.1...
CVE-2025-25096
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in titusbicknell RSS in Page rss-in-page allows Stored XSS.This issue affects RSS in Page: from n/a through = 2.9.1...
CVE-2025-25096 WordPress RSS in Page plugin <= 2.9.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in titusbicknell RSS in Page rss-in-page allows Stored XSS.This issue affects RSS in Page: from n/a through = 2.9.1...
WordPress TI WooCommerce Wishlist plugin <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access vulnerability
Missing Authorization to Unauthenticated Plugin Setup Wizard Access vulnerability discovered by abrahack in WordPress Plugin TI WooCommerce Wishlist versions = 2.9.1...
OESA-2022-2119 apache-sshd security update
Apache SSHD is a 100% pure java library to support the SSH protocols on both the client and server side. Security Fixes: Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The...
PT-2021-23429 · Crocoblock · Crocoblock Jetengine
Name of the Vulnerable Software and Affected Versions: Crocoblock JetEngine versions prior to 2.9.1 Description: The issue arises from improper validation and sanitization of form data. Recommendations: For versions prior to 2.9.1, update to version 2.9.1 or later to resolve the issue...
user/group information can be corrupted across storing in fsimage and reading back from fsimage
In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage...