Lucene search

18 matches found

NVD
added 2026/05/26 5:16 p.m., 12 views

CVE-2026-44502

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

CVSS 4.3, EPSS 0.00028
Exploits: 0, References: 3
EUVD
added 2026/03/02 5:23 p.m., 3 views

EUVD-2026-9222

The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMAWidgetAdmin::renderpreview'. This is due to missing capability check. This makes it possible for authenticated attackers, with...

CVSS 8.8, AI score 6.2, EPSS 0.00334
Exploits: 0, References: 3
OSV
added 2026/02/26 10:22 p.m., 3 views

GHSA-5RMX-256W-8MJ9 WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level

Privilege Escalation to Admin via User Self-Update in wg-portal. Summary: Any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. After logging out and back in, the session picks up...

CVSS 8.8, AI score 5.6, EPSS 0.00095
Exploits: 0, References: 6
NVD
added 2025/12/24 1:16 p.m., 4 views

CVE-2025-68565

Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Twitch Player: from n/a through <= 2.1.3...

CVSS 5.3, EPSS 0.00057
Exploits: 0, References: 1
EUVD
added 2025/12/05 5:31 a.m., 3 views

EUVD-2025-201375

The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of actions via a forge...

CVSS 4.3, AI score 4.9, EPSS 0.00013
Exploits: 0, References: 3
NVD
added 2025/10/27 2:15 a.m., 2 views

CVE-2025-62977

Missing Authorization vulnerability in 沃之涛 百度站长SEO合集支持百度/神马/Bing/头条推送 baiduseo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 百度站长SEO合集支持百度/神马/Bing/头条推送: from n/a through <= 2.1.4...

CVSS 5.3, EPSS 0.00044
Exploits: 0, References: 1
Tenable Nessus
added 2025/10/15 12:0 a.m., 5 views

Amazon Linux 2 : sox, --advisory ALAS2-2025-3032 (ALAS-2025-3032)

The version of sox installed on the remote host is prior to 14.4.1-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3032 advisory. A floating point exception divide-by-zero issue was discovered in SoX in function startread of wav.c file. An attacker with a crafted w...

CVSS 5.5, AI score 7.2, EPSS 0.001
Exploits: 1, References: 4
Positive Technologies
added 2025/10/09 12:0 a.m., 7 views

PT-2025-41363

Name of the Vulnerable Software and Affected Versions: Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress versions up to and including 2.1.3. Description: The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting...

CVSS 7.5, AI score 6.5, EPSS 0.00123
Exploits: 0, References: 11
NVD
added 2025/09/05 7:15 p.m., 4 views

CVE-2025-9057

The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4, EPSS 0.00049
Exploits: 0, References: 2
RedHat Linux
added 2025/07/18 9:57 a.m., 4 views

openjdk: Improve scripting supports (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows...

CVSS 5.9, AI score 7.2, EPSS 0.00559
Exploits: 0, References: 5
OSV
added 2025/03/28 2:15 p.m., 1 view

CVE-2025-2860

SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web .xml file. In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website...

CVSS 5.3, AI score 5.8, EPSS 0.00309
Exploits: 0, References: 1
CNNVD
added 2025/03/28 12:0 a.m., 1 view

Arteche saTECH BCU Cross-Site Request Forgery Vulnerability

The Arteche saTECH BCU is a flight room control unit from Arteche. A cross-site request forgery vulnerability exists in the Arteche saTECH BCU version 2.1.3, which stems from a cross-site request forgery that could allow an unauthorized attacker to perform malicious actions using the administrato...

CVSS 7.8, AI score 6.7, EPSS 0.00154
Exploits: 0, References: 1
Positive Technologies
added 2025/01/30 12:0 a.m., 3 views

PT-2025-1768 · Unknown · Goodlayers-Core

Name of the Vulnerable Software and Affected Versions: goodlayers-core versions prior to 2.1.3 Description: The issue allows users with a subscriber role or above to upload SVG files that contain malicious payloads. This can be exploited by uploading SVGs with harmful content. Recommendations:...

CVSS 6.5, AI score 7.3, EPSS 0.00065
Exploits: 1, References: 5
OSV
added 2023/08/31 12:14 p.m., 1 view

BELL-CVE-2022-0213 CVE-2022-0213 does not affect BellSoft software

Bulletin has no description...

CVSS 6.6, AI score 7.3, EPSS 0.00149
Exploits: 1, References: 1
OSV
added 2023/01/18 12:15 a.m., 1 view

CVE-2023-21838

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...

CVSS 7.5, AI score 7.2
Exploits: 0, References: 1
OSV
added 2020/10/21 3:15 p.m., 3 views

CVE-2020-14864

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Installation. Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

CVSS 7.5, AI score 7.3, EPSS 0.94019
Exploits: 2, References: 3
CNVD
added 2020/03/20 12:0 a.m., 2 views

MantisBT Cross-Site Scripting Vulnerability (CNVD-2020-18525)

MantisBT is a Web-based open source defect tracking system of the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the projdoceditpage.php Project Documentation function in MantisBT...

CVSS 6.1, AI score 6.3, EPSS 0.00522
Exploits: 0
OSV
added 2016/10/25 2:31 p.m., 2 views

UBUNTU-CVE-2016-5598

Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python...

CVSS 5.6, AI score 6.2, EPSS 0.00304
Exploits: 0, References: 2