19 matches found
CVE-2026-11561 SSTI in Soagen Informatics' Apinizer
Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...
CVE-2026-3218
CVE-2026-3218: Drupal Responsive Favicons contains an XSS due to improper filtering of administrator-entered text. Affects versions prior to 2.0.2. Exploitation requires the attacker to have the permission administering responsive favicons. Remediation: update to 2.0.2 or later (as noted in the l...
Vanna has a SQL injection in the remove_training_data function
A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes SQL injection. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2026-24960 WordPress Charety theme < 2.0.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Charety charety allows Using Malicious Files. This issue affects Charety: from n/a through 2.0.2...
EUVD-2026-8765
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...
MAL-2026-942 Malicious code in ethereum-lint (npm)
Source: amazon-inspector f139611e5bee8bd888911afc42c4e762ba55dc37cb142d92fe4203209f917600 The package ethereum-lint was found to contain malicious code. Source: ghsa-malware d4db9b610771f0e6a14c8e5de6545323a4041420731492b2265b31ec14fdaa3b...
All-Dynamics enlogic:show Security Vulnerability
All-Dynamics enlogic:show is a digital signage management system from All-Dynamics, Germany. A security vulnerability exists in All-Dynamics enlogic:show version 2.0.2, which stems from the presence of a session fixation vulnerability that could lead to bypassing authentication and performing...
PT-2025-51860
The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...
CVE-2025-57906 WordPress Epeken All Kurir plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS. This issue affects Epeken All Kurir: from n/a through <= 2.0.6...
PT-2025-38800
Name of the Vulnerable Software and Affected Versions: Glen Scott Plugin Security Scanner versions through 2.0.2. Description: The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scrip...
WordPress ABCBiz Addons and Templates for Elementor plugin <= 2.0.2 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by Gab (Patchstack Alliance) in WordPress Plugin ABCBiz Addons and Templates for Elementor versions <= 2.0.2...
PT-2023-25220 · Iq Wifi 6 · Iq Wifi 6
Name of the Vulnerable Software and Affected Versions: IQ Wifi 6 versions prior to 2.0.2 Description: An unauthorized user could gain account access by conducting a brute force authentication attack. Recommendations: For IQ Wifi 6 versions prior to 2.0.2, update to version 2.0.2 or later to resol...
CVE-2022-33198
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress...
CVE-2021-37569
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write...
CVE-2021-37570
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read...
IBM Security Guardium Insights Information Disclosure Vulnerability
IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. An information disclosure vulnerability exists in IBM Security Guardium Insights 2.0.2. A remote attacker could exploit this...
PT-2020-10763 · Trustwave +1 · Opendmarc +1
Name of the Vulnerable Software and Affected Versions: OpenDMARC versions 1.3.2 and 1.4.x Description: The issue allows attacks to bypass SPF and DMARC authentication when the HELO field is inconsistent with the MAIL FROM field, specifically when OpenDMARC is used with pypolicyd-spf 2.0.2...
IniNet Solutions SCADA Web Server Path Traversal Vulnerability
IniNet SCADA Web Server is a third-party web-based server software. Versions of SCADA Web Server prior to 2.02 fail to effectively filter certain elements within path names and contain a path traversal vulnerability. An attacker can exploit this vulnerability to read arbitrary OS fil...
PT-2014-5437 · Red Hat · Spacewalk-Java +1
Name of the Vulnerable Software and Affected Versions: spacewalk-java version 2.0.2; Red Hat Network (RHN) Satellite versions 5.5 through 5.6. Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to API endpoints such as...