105 matches found
SUSE-SU-2026:22074-1 Security update for elemental-toolkit
This update for elemental-toolkit fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260277. Changes for elemental-toolkit: - Update to v2.2.9: 0e33b2bc Bump golang.org/x/net to v0.55.0...
CVE-2026-3878
The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocsoptionsiconsize' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2026-1085
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True...
EUVD-2026-10126
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True...
PT-2026-23836
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True...
CVE-2026-25332
Missing Authorization vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Endless Posts Navigation: from n/a through = 2.2.9...
CVE-2026-25332 WordPress Endless Posts Navigation plugin <= 2.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Endless Posts Navigation: from n/a through = 2.2.9...
CVE-2026-24984
CVE-2026-24984 affects the WordPress Visual Link Preview plugin up to and including version 2.2.9, describing a Missing/Incorrectly Configured Authorization vulnerability that allows access control bypass. The issue, documented in multiple sources, indicates a Broken Access Control risk with CVSS...
CVE-2026-24984 WordPress Visual Link Preview plugin <= 2.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through = 2.2.9...
PT-2026-6232
Name of the Vulnerable Software and Affected Versions Brecht Visual Link Preview versions through 2.2.9 Description A missing authorization flaw exists in Brecht Visual Link Preview, potentially allowing exploitation due to incorrectly configured access control security levels. Recommendations...
WordPress plugin Visual Link Preview 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
MiracleLinux 3 : dbmail-2.2.5-1.8AXS3 (AXSA:2008-85:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-85:01 advisory. Description of problem: Dbmail is the name of a group of programs that enable the possibility of storing and retrieving mail messages from a database. DBMail...
CVE-2025-67443
Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting XSS. Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel...
CVE-2025-67443
Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting XSS. Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel...
EUVD-2010-2795
Malware in sbrugna...
EUVD-2025-17109
Malicious code in bioql PyPI...
EUVD-2025-21691
Malicious code in bioql PyPI...
EUVD-2023-36914
Malicious code in bioql PyPI...
EUVD-2025-28795
Malicious code in bioql PyPI...
EUVD-2023-52349
Malicious code in bioql PyPI...