Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

CVE-2026-10214 zhayujie chatgpt-on-wechat Bash Tool bash.py _get_safety_warning os command injection

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

PT-2026-45246

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function get safety warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit...

Unity Linux 20.1060e / 20.1070e Security Update: SDL (UTSA-2026-017566)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017566 advisory. SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMAADPCMdecode in audio/SDLwave.c. Tenable has extracted the...

Astra Linux - уязвимость в libsdl1.2, libsdl2

In SDLGetRGB in the video/SDLpixels.c file, there is a heap-based buffer over-read issue in versions from 1.2.15 up to 2.x, and from 2.0.9 onwards...

Astra Linux - уязвимость в libsdl1.2, libsdl2

SDL Simple DirectMediaLayer from version 1.2.15 to 2.x, and from version 2.0.9 to 2.0.9, has a heap-based buffer overflow issue in the MSADPCMDecode function within audio/SDLwave.c...

Astra Linux - уязвимость в klibc

A issue was discovered in klibc before version 2.0.9. Multiplication operations within the calloc function may lead to integer overflows and subsequent heap buffer overflows...

CVE-2026-0814

The CVE-2026-0814 entry concerns the WordPress plugin Advanced CF7 DB . A missing capability check in the function vsz_cf7_export_to_excel affects all versions up to and including 2.0.9 , enabling authenticated users with Subscriber-level access and above to export form submissions to Excel files...

PT-2026-31390

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz cf7 export to excel' function in all versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with Subscriber-level acces...

PT-2026-31389

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vsz cf7 save setting callback' function. This makes it possible for unauthenticated attackers t...

EUVD-2026-15691

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through 2.0.9...

CVE-2026-25371 WordPress Lumise Product Designer plugin < 2.0.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through 2.0.9...

WordPress plugin Lumise Product Designer SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

Command Injection

Overview intake is a Data catalog, search and load Affected versions of this package are vulnerable to Command Injection via the catalog parsing when the shell syntax is used within parameter default values. An attacker can execute arbitrary commands on the host system by crafting a malicious...

PT-2026-20228

Name of the Vulnerable Software and Affected Versions Filestack plugin for WordPress versions prior to 2.0.9 Description The Filestack plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'filepicker' shortcode. Insufficient input sanitization and output escaping on...

Yii Framework 2.0.9 Reflected Cross Site Scripting

A reflected cross site scripting vulnerability exists in Yii Framework version 2.0.9 and earlier versions before 2.0.14. The vulnerability exists in the error handler component. This issue is older research added to the archive...

WordPress WP Prayer plugin <= 2.0.9 - Email Settings Update via CSRF vulnerability

Email Settings Update via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Prayer versions = 2.0.9...

WordPress HD Quiz plugin <= 2.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin HD Quiz versions = 2.0.9...

CVE-2026-24544

Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through = 2.0.9...

CVE-2026-24544

CVE-2026-24544 refers to a Missing Authorization vulnerability in Harmonic Design HD Quiz (WordPress plugin, hd-quiz) affecting versions up to and including 2.0.9. Root cause is misconfigured access control that can permit unauthorized actions. CVSS 3.1 base score 4.3 (Medium). Wordfence and patc...