15 matches found
Astra Linux - vulnerability in openldap
In OpenLDAP 2.x versions before 2.5.12 and 2.6.x versions before 2.6.2, there is a SQL injection vulnerability in the experimental slapd backend, caused by a SQL statement within an LDAP query. This vulnerability can occur during an LDAP search operation, when the search filter is processed, due ...
CVE-2026-34788
Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tagmodel.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...
Linux Distros Unpatched Vulnerability : CVE-2026-22703
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verif...
CVE-2021-35522
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets...
CVE-2025-26914
CVE-2025-26914 (WordPress Variable Inspector) is a Reflected XSS in the Variable Inspector plugin for WordPress (affected: 2.6.2 and earlier). The CVE entry notes improper neutralization of input during web page generation, enabling reflected XSS. Severity is High (CVSS 3.1 base 7.1; Network atta...
PT-2025-1492 · Unknown · Idx Impress Listings
Name of the Vulnerable Software and Affected Versions: IDX IMPress Listings versions n/a through 2.6.2 Description: The issue is related to a Missing Authorization vulnerability in IDX IMPress Listings, which allows exploiting incorrectly configured access control security levels. Recommendations...
PT-2024-36206 · WordPress · Wpexpertsio New User Approve
Name of the Vulnerable Software and Affected Versions: WPExpertsio New User Approve versions 2.6.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For WPExpertsi...
WordPress New User Approve plugin <= 2.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin New User Approve versions <= 2.6.2...
GHSA-W455-MFQ9-HF74 insane vulnerable to Regular Expression Denial of Service
insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available...
WordPress WooCommerce Social Login plugin <= 2.6.2 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by István Márton in WordPress Plugin WooCommerce Social Login versions <= 2.6.2...
TinyXML Security Vulnerability
TinyXML is a simple, small and minimal C++ XML parser. A security vulnerability exists in TinyXML 2.6.2 and earlier versions, which stems from a security flaw in the file tinyxmlparser.cpp...
PT-2023-15215 · Hasthemes · Shoplentor
Name of the Vulnerable Software and Affected Versions: HasThemes ShopLentor plugin versions = 2.6.2 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-21736 via tensorflow-gpu (>=2.6.0 <=2.6.2)
tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-21736 Source advisory: OSV:PYSEC-2022-115...
Grassroots DICOM Denial of Service Vulnerability
Grassroots DICOM aka GDCM is a C++ library for processing DICOM medical images. A denial-of-service vulnerability exists in Grassroots DICOM versions prior to 2.6.2, which allows remote attackers to exploit the vulnerability to gain access to sensitive information in process memory or cause a...
PT-2003-1043 · Washington University · Wu-Ftpd
Name of the Vulnerable Software and Affected Versions: wu-ftpd versions 2.5.0 through 2.6.2 Description: The issue is related to an off-by-one error in the fb_realpath function, which may allow attackers to execute arbitrary code. This can be triggered by commands that cause pathnames of length...