11 matches found
GHSA-XJ37-QJG2-XWV2 @whyour/qinglong: manipulation of the argument command leads to protection mechanism failure
A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...
CVE-2026-3965 whyour qinglong API express.ts protection mechanism
A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...
PT-2026-24896
Name of the Vulnerable Software and Affected Versions: whyour qinglong versions through 2.20.1 Description: A security issue has been identified in whyour qinglong. The problem resides in an unknown function within the back/loaders/express.ts file of the API Interface component. Manipulation of the...
Improper Handling of Case Sensitivity
Overview: @whyour/qinglong is a timed task management platform supporting Python3, JavaScript, Shell, Typescript. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to the case-sensitive string matching in authentication middleware. A remote attacker can...
CVE-2025-50503
A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an attacker to bypass the OTP reset password mechanism. By manipulating the reset process, an unauthorized user may be able to reset the password and gain access to the account without needing to provide ...
CVE-2024-8183
A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and...
Prefect access control error vulnerability
Prefect is a workflow orchestration tool from Prefect Open Source that enables developers to build, observe and react to data pipelines. An access control error vulnerability exists in Prefect version 2.20.2 that stems from a CORS misconfiguration that allows unauthorized domains to access...
WordPress plugin GiveWP code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2022-20753 · WordPress · Givewp
Name of the Vulnerable Software and Affected Versions: GiveWP plugin versions = 2.20.2 Description: The issue is related to an authenticated arbitrary file read vulnerability via the export function in the GiveWP plugin for WordPress. This vulnerability can be exploited by users with a custom...
PT-2022-14899 · WordPress · Givewp
Name of the Vulnerable Software and Affected Versions: GiveWP plugin for WordPress versions up to, and including, 2.20.2 Description: The issue allows unauthenticated users to access donor information through the "/donor-wall" REST-API endpoint, even when the donor wall is not enabled. This...
MGASA-2018-0258 Updated webkit2 packages fix security vulnerabilities
Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.20.2, fixing several security issues and other bugs...