CVE-2026-45286 Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...

CVE-2026-8980

The CVE-2026-8980 entry concerns the Mennekes Amtron series with firmware versions ≤ 5.22.3. Affected component: firmware handling privilege levels. The vulnerability allows an authenticated low-privileged user to escalate privileges by issuing crafted POST requests to change passwords for admin ...

EUVD-2026-20144

Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through = 2.2.3...

CVE-2026-29061 Gokapi: Privilege escalation via incomplete API-key permission revocation on user rank demotion

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permission...

CVE-2026-1436

Improper Access Control IDOR in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive...

PT-2026-5874

Name of the Vulnerable Software and Affected Versions Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress versions through 2.2.0 Description The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and...

ClinCapture EDC 安全漏洞

ClinCapture EDC is a clinical trial data capture system from ClinCapture, Inc. A security vulnerability exists in ClinCapture EDC versions 3.0 and 2.2.3, which originates in reflective cross-site scripting and could lead to the execution of JavaScript code by an unauthenticated, remote attacker i...

CVE-2025-66403

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 2.2.3, a stored cross-site scripting XSS vulnerability exists in the Filerise application due to improper handling of uploaded SVG files. The application accepts user-supplied SVG...

CVE-2025-64358 WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from n/a through = 2.2.3...

WordPress WP Hotel Booking plugin < 2.2.3 - Subscriber+ Rating Manipulation vulnerability

Subscriber+ Rating Manipulation vulnerability discovered by Muhammed Çelik in WordPress Plugin WP Hotel Booking versions 2.2.3...

WordPress Bg Patriarchia BU plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Bg Patriarchia BU versions = 2.2.3...

CVE-2024-49685

Cross-Site Request Forgery CSRF vulnerability in Smash Balloon Custom Twitter Feeds Tweets Widget allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds Tweets Widget: from n/a through 2.2.3...

CVE-2024-24933

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS.This issue affects Honeypot for WP Comment: from n/a through 2.2.3...

CVE-2022-23221

creationtimestamp| type| source ---|---|--- 2024-02-09 02:16:41+00:00| seen| https://t.me/ctinow/181760...

SUSE-SU-2023:1837-1 Security update for apache2-mod_auth_openidc

This update for apache2-modauthopenidc fixes the following issues: - CVE-2022-23527: Fixed open redirect in oidcvalidateredirecturl using tab character bsc1206441. - CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied bsc1210073...

PT-2022-27478 · Unknown · Plugin For Google Reviews

Name of the Vulnerable Software and Affected Versions: Plugin for Google Reviews versions prior to 2.2.3 Description: The issue is related to a Broken Access Control vulnerability. It affects the authentication mechanism for subscribers and above, potentially allowing unauthorized access...

CVE-2022-2324

creationtimestamp| type| source ---|---|--- 2022-07-30 00:13:57+00:00| seen| https://t.me/cibsecurity/47300...

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23578 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23578 Source advisory: OSV:PYSEC-2022-142...

PYSEC-2021-236

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the Split TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd23ea119d0c7/tensorflow/lite/kernels/split.ccL63-L65. An attack...

PYSEC-2021-448

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.rawops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...