16 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017479)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017479 advisory. A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the VerifyTimestampResponse function when a forged certificate is prepended to the certificate bag. An attacker can bypass authorization checks by supplying a payload where the signature is validated...
CVE-2022-26301
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php...
CVE-2023-25041
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme = 2.0.6 versions...
WordPress Authors List plugin <= 2.0.6.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Authors List versions <= 2.0.6.2...
CVE-2025-32634
CVE-2025-32634 describes a Reflected XSS in the WordPress plugin Run Contests, Raffles, and Giveaways with ContestsWP (versions n/a through 2.0.6). The vulnerability arises from improper input neutralization during web page generation. Affected software is ContestsWP communications for Run Contes...
WordPress my money theme <= 2.0.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by justakazh (Patchstack Alliance) in WordPress Theme my money versions <= 2.0.6...
WordPress Attire theme <= 2.0.6 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated (Contributor+) PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme Attire versions <= 2.0.6...
CVE-2022-47190
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root...
inxedu SQL Injection Vulnerability
Inxedu is an open source online education platform from the Chinese company Inxedu. The platform includes an online school system, a live broadcasting system, an examination system and a marketing website. A SQL injection vulnerability exists in inxedu version 2.0.6, the vulnerability...
GHSA-JVC3-WJF6-7C6C Apache Dolphin Scheduler has insufficiently protected credentials
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...
PT-2022-27525 · Unknown · Alarm Instance Management
Name of the Vulnerable Software and Affected Versions: Alarm instance management versions prior to 2.0.6 Description: The issue is related to command injection in alarm instance management when a specific command is configured, affecting only logged-in users. Recommendations: For versions prior t...
CVE-2021-24726
The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue...
Blueman Injection Vulnerability
Blueman is a graphical Bluetooth management tool for the GNOME desktop environment from the Blueman team. The main functions are: sending files, browsing files on the device, viewing information about local or remote devices, configuring local devices, managing bindings, binding services, etc...
IBM Data Risk Manager User Credentials Plaintext Storage Vulnerability
IBM Data Risk Manager is a data risk manager that helps discover, analyze and visualize business risks associated with data. A user credentials plaintext storage vulnerability exists in IBM Data Risk Manager 2.0.6. An attacker could exploit the vulnerability to read user credentials in plaintext...
CVE-2020-4614
IBM Data Risk Manager iDNA 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927...