14 matches found
CVE-2026-13489
A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...
CVE-2026-46905
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Doan Dinh Van in WordPress Plugin Review Schema versions <= 2.2.6...
CVE-2022-26748
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2025-67550
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS. This issue affects Donation Thermometer: from n/a through <= 2.2.6...
CVE-2025-67550 WordPress Donation Thermometer plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS. This issue affects Donation Thermometer: from n/a through <= 2.2.6...
CVE-2024-49879
creationtimestamp | type | source
---|---|---
2025-08-14 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07...
PT-2024-40368 · Adobe · Magento Open Source +1
Name of the Vulnerable Software and Affected Versions: Magento Commerce and Open Source versions prior to 2.2.6; Magento Commerce and Open Source versions prior to 2.1.15. Description: The issue concerns security enhancements to address Cross-Site Scripting (XSS) and other vulnerabilities...
CVE-2023-47645
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User...
PT-2023-30650 · WordPress · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: wpForo Forum versions through 2.2.6. Description: The issue is related to Cross-Site Request Forgery (CSRF) and Missing Authorization, allowing unauthorized access to functionality not properly constrained by Access Control Lists (ACLs). This can...
WordPress plugin Otter code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in the WordPress...
CVE-2022-26631
creationtimestamp | type | source
---|---|---
2022-04-06 15:10:40+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/1877
2022-04-18 18:23:22+00:00 | seen | https://t.me/cibsecurity/41010...
CVE-2018-1000092
CMS Made Simple version 2.2.5 contains a Cross Site Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appears to be exploitable via a specially crafted web page. This vulnerability...
PT-2007-5645 · Apache +1 · Apache Http Server +1
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.2.6. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset when the charset on a server-generated page is...