13 matches found
EUVD-2026-28501
wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0...
CVE-2026-24627 WordPress Trusona for WordPress plugin <= 2.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusona for WordPress: from n/a through <= 2.0.0...
EUVD-2020-0787
Malware in sbrugna...
CVE-2025-48495
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...
CVE-2020-11436
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators...
CVE-2024-29502
An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files using UNC paths...
CVE-2024-12866
CVE-2024-12866 affects netease-youdao/qanything v2.0.0. It is a local file inclusion (path traversal) vulnerability caused by an unvalidated file path to an access-restricted directory, enabling reading arbitrary files on the filesystem and potentially facilitating remote code execution via sensi...
CVE-2024-12866 Local File Inclusion in netease-youdao/qanything
A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration...
CVE-2024-9644
CVE-2024-9644 affects the Four-Faith F3x36 router (firmware v2.0.0). The vulnerability is an authentication bypass in the administrative web server: certain admin functions are not protected when using bapply.cgi instead of apply.cgi. This allows a remote, unauthenticated attacker to modify setti...
CVE-2024-56300
CVE-2024-56300 affects WPSpins Post/Page Copying Tool (WordPress). Insertion of Sensitive Information Into Sent Data allows retrieval of embedded sensitive data. Affected: Post/Page Copying Tool versions from n/a through 2.0.0. The CVE entry is linked to Red Hat and Wordfence entries with the sam...
CVE-2024-12413
CVE-2024-12413 affects MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution for WordPress. Vulnerable through missing capability checks in multiple functions (e.g., marketking_delete_team_member, marketkingrejectuser, marketking_save_profile_settings) in all versions up to 2.0.00, e...
CVE-2024-40400
An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file...
CVE-2021-34666 Add Sidebar <= 2.0.0 Reflected Cross-Site Scripting
The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the /wpsidebarMenu.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.0...