
22 matches found

NVD
added 5 days ago, 7 views

CVE-2026-4290

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...

9.1 CVSS, 0.00038 EPSS
Exploits 0, References 2
CNNVD
added 2026/05/17 12:00 a.m., 6 views

Flexense VX Search Security Vulnerability

Flexense VX Search is a rule-based automatic file search solution provided by Flexense Corporation. It allows users to search for files based on file type, category, file name, size, location, extension, regular expressions, text and binary patterns, creation, modification, and last access dates,...

8.6 CVSS, 6.2 AI score, 0.00018 EPSS
Exploits 0, References 2
CVE
added 2026/05/14 1:52 p.m., 6 views

CVE-2026-21730

CVE-2026-21730 affects Verba. A stored XSS exists in the login logging path: when an unauthenticated attacker logs in with an incorrect username, the username is recorded without sanitization and can execute in the admin’s browser via the log viewer. Impact aligned to CVSS v4.0 metrics (base scor...

6.1 CVSS, 5.8 AI score, 0.00045 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2026/04/01 10:50 p.m., 16 views

CVE-2025-36375 IBM DataPower Gateway vulnerable to CSRF

IBM DataPower Gateway 10.6CD (10.6.1.0 through 10.6.5.0), IBM DataPower Gateway 10.5.0 (10.5.0.0 through 10.5.0.20), and IBM DataPower Gateway 10.6.0 (10.6.0.0 through 10.6.0.8) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

6.5 CVSS, 0.00006 EPSS
Exploits 0, References 1
OSV
added 2026/02/17 10:12 a.m., 7 views

RHSA-2026:2725 Red Hat Security Advisory: pki-deps:10.6 security update

Bulletin has no description...

7.5 CVSS, 5.1 AI score, 0.00274 EPSS
Exploits 5, References 14
RedhatCVE
added 2026/01/09 11:20 a.m., 1 view

CVE-2021-22197

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses an MR having source and target branches pointing to each other...

4.3 CVSS, 6.6 AI score, 0.00353 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/09/20 1:37 p.m., 6 views

CVE-2025-10669

A vulnerability was detected in Airsonic-Advanced up to 10.6.0. This vulnerability affects unknown code of the component Playlist Upload Handler. Performing manipulation results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used...

6.5 CVSS, 7 AI score, 0.00045 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/23 5:13 a.m., 1 view

CVE-2023-41652

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 10.6.6...

9.8 CVSS, 8.9 AI score, 0.03136 EPSS
Exploits 1, References 1
CNNVD
added 2024/11/11 12:00 a.m., 1 view

IObit Driver Booster Security Vulnerability

IObit Driver Booster is a driver updater from IObit. A security vulnerability exists in IObit Driver Booster v10.6, stemming from a buffer overflow via the Host parameter under the Custom Agent module...

7.5 CVSS, 7.1 AI score, 0.00154 EPSS
Exploits 0, References 1
ATTACKERKB
added 2023/10/04 10:15 p.m., 1 view

CVE-2023-35803

IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow...

9.8 CVSS, 5.3 AI score, 0.0547 EPSS
Exploits 1, References 2
CNNVD
added 2023/01/13 12:00 a.m., 2 views

FileOrbis File Management System Path Traversal Vulnerability

FileOrbis File Management System is a file server management product from FileOrbis, Inc. A path traversal vulnerability exists in FileOrbis File Management System versions prior to 10.6.3, which stems from an unauthenticated local file inclusion and path traversal vulnerability in the file...

7.5 CVSS, 7.3 AI score, 0.00397 EPSS
Exploits 0, References 2
RedHat Linux
added 2022/05/31 12:20 p.m., 1 view

mariadb: save_window_function_values triggers an abort during IN subquery

save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery...

5.5 CVSS, 7.4 AI score, 0.00083 EPSS
Exploits 1, References 4
ATTACKERKB
added 2022/04/12 8:15 p.m., 0 views

CVE-2022-27384

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...

7.5 CVSS, 7.1 AI score, 0.00217 EPSS
Exploits 1, References 4
OSV
added 2022/04/12 8:15 p.m., 1 view

ALPINE-CVE-2022-27384

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...

7.5 CVSS, 7.8 AI score, 0.00217 EPSS
Exploits 1, References 1
OSV
added 2021/01/20 3:15 p.m., 0 views

CVE-2020-4688

IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by a command injection vulnerability. IBM X-Force ID: 186700...

7.8 CVSS, 6.7 AI score
Exploits 0, References 2
OSV
added 2021/01/20 3:15 p.m., 0 views

CVE-2020-4921

IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398...

8.8 CVSS, 7.2 AI score
Exploits 0, References 2
ATTACKERKB
added 2021/01/19 12:00 a.m., 0 views

CVE-2020-4921

IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398...

8.8 CVSS, 5.8 AI score, 0.00525 EPSS
Exploits 0, References 3, Affected Software 1
CNVD
added 2020/12/22 12:00 a.m., 1 view

IBM Security Secret Server Open Redirect Vulnerability

IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. An open redirection vulnerability exists in IBM Security Secret Server 10.6...

7.4 CVSS, 6.6 AI score, 0.00238 EPSS
Exploits 0, References 1
OSV
added 2020/12/21 6:15 p.m., 0 views

CVE-2020-4842

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046...

4.9 CVSS, 5.8 AI score, 0.00152 EPSS
Exploits 0, References 2
CNVD
added 2019/10/10 12:00 a.m., 2 views

McAfee Endpoint Security Code Injection Vulnerability

McAfee Endpoint Security (ENS) is a framework from the US company McAfee for providing intelligent collaboration and advanced threat defense. The framework supports the entire threat defense lifecycle of real-time communications control, actionable threat forensics, and so on...

5.3 CVSS, 7.6 AI score, 0.00121 EPSS
Exploits 0, References 1