
15 matches found

Cvelist
added 2026/03/05 4:21 a.m. · 34 views

CVE-2026-3523 Apocalypse Meow <= 22.1.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter

The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is due to a flawed logical operator in the type validation check on line 261 of ajax.php — the condition uses && (AND) instead of || (OR), causing the...

CVSS 4.9 · EPSS 0.00454
Exploits: 0 · References: 10

Vulnrichment
added 2026/03/05 4:21 a.m. · 5 views

CVE-2026-3523 Apocalypse Meow <= 22.1.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter

The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is due to a flawed logical operator in the type validation check on line 261 of ajax.php — the condition uses && (AND) instead of || (OR), causing the...

CVSS 4.9 · AI score 6 · EPSS 0.00454
Exploits: 0 · References: 10

Patchstack
added 2026/03/04 11:15 p.m. · 8 views

WordPress Apocalypse Meow plugin <= 22.1.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter vulnerability

Authenticated (Administrator+) SQL Injection via 'type' Parameter vulnerability discovered by Louis Deschanel - Patrowl in WordPress Plugin Apocalypse Meow versions <= 22.1.0...

CVSS 4.9 · AI score 6 · EPSS 0.00454
Exploits: 0 · References: 1 · Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-1016

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.00834
Exploits: 1 · References: 5

RedhatCVE
added 2025/05/22 11:27 p.m. · 3 views

CVE-2022-0576

Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0...

CVSS 6.1 · AI score 6.3 · EPSS 0.00983
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 11:58 p.m. · 6 views

CVE-2022-29184

GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a...

CVSS 8.8 · AI score 7.8 · EPSS 0.03637
Exploits: 0 · References: 1

Prion
added 2023/08/07 7:15 p.m. · 18 views

Code injection

Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use...

CVSS 5.5 · AI score 8 · EPSS 0.00849
Exploits: 1 · References: 5 · Affected Software: 1

Vulnrichment
added 2023/08/07 6:27 p.m. · 11 views

CVE-2023-39349 Sentry vulnerable to privilege escalation via ApiTokensEndpoint

Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use...

CVSS 8.1 · AI score 8 · EPSS 0.00849
Exploits: 1 · References: 5

CNNVD
added 2023/03/29 12:0 a.m. · 4 views

Enterprise Distributed Technologies CompleteFTP Server path traversal vulnerability

Enterprise Distributed Technologies CompleteFTP Server is a Windows-based SFTP (SSH File Transfer Protocol) server from Enterprise Distributed Technologies, Australia. A path traversal vulnerability exists in Enterprise Distributed Technologies CompleteFTP Server version v22.1.0, which arises from...

CVSS 9.1 · AI score 7.8 · EPSS 0.77688
Exploits: 0 · References: 2

Positive Technologies
added 2022/10/12 12:0 a.m. · 3 views

PT-2022-26514 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions prior to 22.1.0
Description: The issue is related to the SNMP MIB Walker application endpoint, which failed to properly sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary...

CVSS 9.6 · AI score 9.4 · EPSS 0.00988
Exploits: 0 · References: 5

OSV
added 2022/07/19 10:15 p.m. · 2 views

UBUNTU-CVE-2022-21549

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3 · AI score 6.9 · EPSS 0.01804
Exploits: 0 · References: 4

Prion
added 2022/05/20 8:15 p.m. · 17 views

Command injection

GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a...

CVSS 6.5 · AI score 8.9 · EPSS 0.03637
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2022/04/11 8:20 p.m. · 5 views

CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames

GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...

CVSS 8.2 · AI score 8.3 · EPSS 0.01582
Exploits: 0 · References: 8

CNNVD
added 2021/09/07 12:0 a.m. · 3 views

Nextcloud access control error vulnerability

Nextcloud server is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud server is vulnerable to authorization issues in versions prior to 20.0.12, 21.0.4 or 22.1.0. The vulnerability stems from a lack of authentication...

CVSS 8.1 · AI score 5.7 · EPSS 0.01741
Exploits: 0 · References: 7

Positive Technologies
added 2021/09/07 12:0 a.m. · 1 views

PT-2021-19939 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions:
Nextcloud Server versions prior to 20.0.12
Nextcloud Server versions prior to 21.0.4
Nextcloud Server versions prior to 22.1.0
Description: The issue affects Nextcloud server, an open-source, self-hosted personal cloud. An attacker can bypass...

CVSS 10 · AI score 5.9 · EPSS 0.02521
Exploits: 2 · References: 58