27 matches found
CVE-2026-6211 Arbitrary File Upload in Global IT's WEOLL
Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...
PT-2026-48884
Name of the Vulnerable Software and Affected Versions: WEOLL versions 2.0.9 through 3.2.45.32 Description: An unrestricted file upload flaw allows the upload of dangerous file types. This issue enables attackers to access functionality that is not properly constrained by Access Control Lists (ACLs),...
Unity Linux 20.1060e / 20.1070e Security Update: SDL (UTSA-2026-017561)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017561 advisory. SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. Tenable has extracted the preceding...
WordPress Responsive Blocks – Page Builder for Blocks & Patterns plugin 2.0.9-2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability
Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability discovered by Even S in WordPress Plugin Responsive Blocks versions 2.0.9-2.2.1...
WordPress Subscribe to Download Plugin <= 2.0.9 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Subscribe to Download versions <= 2.0.9...
Linux Distros Unpatched Vulnerability : CVE-2025-32997
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. CVE-2025-32997 Note that Nessus relies on the...
CVE-2023-44475
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions...
WordPress CRUDLab Like Box Plugin <= 2.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin CRUDLab Like Box versions <= 2.0.9...
WordPress plugin Mailing Group Listserv SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2024-35886 · WordPress · Sparkle Wp Sparkle Elementor Kit
Name of the Vulnerable Software and Affected Versions: Sparkle WP Sparkle Elementor Kit versions through 2.0.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This is a Cross-site...
PT-2024-27372 · Unknown · Propertyhive
Name of the Vulnerable Software and Affected Versions: PropertyHive versions n/a through 2.0.9 Description: The issue is related to a Missing Authorization vulnerability in PropertyHive, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions...
PT-2024-21165 · Linksys · Linksys Re7000
Name of the Vulnerable Software and Affected Versions: Linksys RE7000 versions 2.0.9 through 2.0.15 Description: The issue concerns a command execution vulnerability in the AccessControlList parameter of the access control function point. This vulnerability can be exploited by an attacker to obta...
SUSE CVE-2019-14906
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized...
PT-2023-16332 · WordPress · The Post Shortcode
Name of the Vulnerable Software and Affected Versions: The Post Shortcode WordPress plugin versions 2.0.9 and earlier Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the plugin, which could allow users with the contributor role and above to...
Ubiquiti EdgeRouter security vulnerability
The Ubiquiti EdgeRouter is a router from Ubiquiti USA. A security vulnerability exists in Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 and prior versions. An attacker could exploit this vulnerability to cause a denial of service on the system...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.0 <=1.0.0.RC4), com.dorkbox.GradleVaadin:com.dorkbox.GradleVaadin.gradle.plugin (>=0.1 <=14.1.4) +247 more potentially affected by unknown CVE via com.vaadin:flow-server (>=2.0.9 <=2.5.2)
com.vaadin:flow-server MAVEN version =2.0.9, =1.0.0, =0.1, =1.4.0, =1.0, =0.0.1, =14.1.0, =14.1.0, =0.0.3, =1.0.2, =0.3.1, =1.0.2, =1.0.0, =0.5.1, =2.1.0, =2.2.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-C57F-4VP2-JQHM...
SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c...
SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c...
SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c inside the wNumCoef loop...
SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c outside the wNumCoef loop...