PT-2026-41635

Name of the Vulnerable Software and Affected Versions Feeds for YouTube versions prior to 2.6.4 Description A missing capability check in the actions function allows users with subscriber privileges or higher to unauthorizedly modify or delete the plugin license key. Recommendations Update to...

PT-2026-34316

The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login link shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...

EUVD-2026-19674

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

CVE-2026-35489

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

CVE-2026-35489

Tandoor Recipes CVE-2026-35489 affects the POST /api/food/{id}/shopping/ endpoint. Before version 2.6.4, the handler reads amount and unit directly from request.data and passes them to ShoppingListEntry.objects.create() without validation, which can cause an unhandled exception (HTTP 500) for non...

EUVD-2026-19673

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.hasobjectpermission returns True for all HTTP methods —...

EUVD-2026-14672

A security flaw has been discovered in bolo-blog 까지 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross site scripting. It is possible to initiate the attac...

bolo-solo 路径遍历漏洞

Bolo-Solo is a blog system developed under the open source Bolo-Blog project. Versions of Bolo-Solo 2.6.4 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of parameters File in the importFromCnblogs function in the file...

WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 2.6.4...

CVE-2026-22445

Missing Authorization vulnerability in Proptech Plugin Apimo Connector apimo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apimo Connector: from n/a through = 2.6.4...

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools...

EUVD-2025-38187

Nuxt DevTools vulnerable to cross-site scripting XSS...

EUVD-2025-38058

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.4...

PT-2025-1394 · Open5Gs · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions prior to 2.6.4 Description: The issue allows an attacker to send a malformed ASN.1 packet over the S1AP interface, triggering an assertion that can cause the MME to crash, resulting in denial of service. This can be...

CVE-2024-43251

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bit Apps Bit Form Pro.This issue affects Bit Form Pro: from n/a through 2.6.4...

WordPress plugin Bit Form Pro 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2024-3146 · WordPress · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.4 Description: The issue is related to insufficient input sanitization and output escaping on user-supplied attributes in the JKit - Banner widget, allowing authenticat...

SUSE CVE-2021-36783

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...

PT-2022-4712

Name of the Vulnerable Software and Affected Versions SUSE Rancher versions prior to 2.6.4 Rancher versions prior to 2.5.13 Description A vulnerability in SUSE Rancher allows authenticated users, including Cluster Owners, Cluster Members, Project Owners, and Project Members, to read credentials,...

Nextcloud Desktop Client Sensitive Information Plaintext Storage Vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication applications from Nextcloud Germany.Nextcloud Desktop Client is a desktop client application for Nextcloud. A vulnerability exists in Nextcloud Desktop Client version 2.6.4 in which sensitive informati...