CVE-2026-5615

A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...

CVE-2026-5485 OS command injection in Amazon Athena ODBC driver on Linux

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...

CVE-2026-2934

A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/DfriendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the...

WordPress plugin Magic Login Mail or QR Code 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-64323 kgateway is missing xDS authorization

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...

EUVD-2025-32702

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WFLicensing::log method when debugging is enabled default. This makes it possible for unauthenticated attackers to extract sensitive license key and site data...

WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability

Arbitrary Content Deletion Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Subscription Forms PRO versions = 2.0.5...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the process handling incoming requests. An attacker can cause the service to become unresponsive by sending specially crafted input. Remediation Upgrade org.apache.iotdb:iotdb-core to version 2.0.5 or highe...

CVE-2025-23664

Cross-Site Request Forgery CSRF vulnerability in Real Seguro Viagem Real Seguro Viagem seguro-viagem allows Stored XSS.This issue affects Real Seguro Viagem: from n/a through = 2.0.5...

WordPress MemeOne plugin <= 2.0.5 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin MemeOne versions = 2.0.5...

CVE-2021-20018

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier...

CVE-2020-10044

A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the network could be able to install specially crafted firmware to the device...