CVE-2026-6809

The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on the user-supplied URL. This makes it possible for authenticated...

PT-2026-40763

Name of the Vulnerable Software and Affected Versions cowboy versions 2.0.0 through 2.14.x Description An issue in multipart header parsing allows an unauthenticated attacker to cause a denial of service via unbounded buffer accumulation. The function read part in src/cowboy req.erl accumulates...

PT-2026-32915

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...

CVE-2026-21441 affecting package python-urllib3 for versions less than 2.0.7-4

CVE-2026-21441 affecting package python-urllib3 for versions less than 2.0.7-4. A patched version of the package is available...

EUVD-2025-24988

Malicious code in bioql PyPI...

PT-2023-8903

Name of the Vulnerable Software and Affected Versions Rack versions 2.0.0 through 2.0.9.1 Rack versions 2.1.0 through 2.1.4.1 Rack versions 2.2.0 through 2.2.4.0 Rack versions 3.0.0 through 3.0.0.0 Description A denial of service vulnerability in the multipart parsing component of Rack could allo...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +215 more potentially affected by CVE-2015-5209 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.24)

org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.0.0, =1.2.6 and more Source cves: CVE-2015-5209 Source advisory: OSV:GHSA-4QGJ-9MVG-3929...

Linbit csync2 输入验证错误漏洞

Linbit csync2 is a cluster synchronization tool from Austrian company Linbit, which is mainly used to keep files on multiple hosts in a cluster synchronized. A security vulnerability exists in LINBIT csync2 version 2.0 and earlier versions, which stems from a failure to properly check the return...

QuickApps CMS Cross-Site Scripting Vulnerability

QuickApps CMS is a PHP-based, open source, modular content management system. A cross-site scripting vulnerability exists in the user's real name field in QuickApps CMS version 2.0.0. A remote attacker can exploit this vulnerability to cause a denial of service and perform unauthorized operations...

Wireshark UMTS FP Parser Denial of Service Vulnerability (CNVD-2016-06208)

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability in the epan/dissectors/packet-umtsfp.c file in the UMTS FP pars...