CVE-2026-25521 Locutus is vulnerable to Prototype Pollution

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input...

CVE-2020-15148

Yii 2 yiisoft/yii2 before version 2.0.38 is vulnerable to remote code execution if the application calls unserialize on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory...

CVE-2024-23505 WordPress PDF Viewer & 3D PDF Flipbook – DearPDF Plugin <= 2.0.38 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DearHive PDF Viewer & 3D PDF Flipbook – DearPDF allows Stored XSS.This issue affects PDF Viewer & 3D PDF Flipbook – DearPDF: from n/a through 2.0.38...

CVE-2021-41426

Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery CSRF via mgtenduser.htm...

CVE-2020-15148

Yii 2 yiisoft/yii2 before version 2.0.38 is vulnerable to remote code execution if the application calls unserialize on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory...

Beeline Smart Box Operating System Command Injection Vulnerability

The Beeline Smart Box is a wireless router from the Russian company Beeline. A security vulnerability exists in Beeline Smart Box version 2.0.38. An attacker can exploit this vulnerability via the 'Ping pingipaddr', 'Nslookup nslookupipaddr' or 'Traceroute tracerouteipaddr' parameters to execute...