CVE-2026-25058

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meetingid that returns transcript data for any meeting without any authentication or...

CLEANSTART-2026-FN44356 Security fixes for CVE-2022-29526, CVE-2025-47907, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.10-r0, 0.11-r0, 0.9-r0, 0.9-r1, 0.9-r2

Multiple security vulnerabilities affect the druid-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

SUSE CVE-2026-25591

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...

ado-vllm-performance (=1.2.2), agentclinic (=0.1.0) +23 more potentially affected by CVE-2025-66448 via vllm (>=0.10.0 <=0.11.0)

vllm PYPI version =0.10.0, =0.0.0, =2.3.5, =0.2.0, =0.1.0, =1.0.1rc1, =0.0.4, =0.1.0, =0.1.5, =1.0.0, =1.2.6 - haerae-evaluation-toolkit =0.1.0 - hedge-bench =0.1.2 and more Source cves: CVE-2025-66448 Source advisory: SNYK:PYTHON-VLLM-14157153...

EUVD-2008-6897

Malware in sbrugna...

EUVD-2006-5491

Malware in sbrugna...

EUVD-2016-7217

Malware in sbrugna...

EUVD-2016-2340

Malware in sbrugna...

EUVD-2007-2513

Malware in sbrugna...

EUVD-2022-4192

Malicious code in bioql PyPI...

EUVD-2025-28336

Malicious code in bioql PyPI...

CVE-2025-49983

Server-Side Request Forgery SSRF vulnerability in Joe Hoyle WPThumb wp-thumb allows Server Side Request Forgery.This issue affects WPThumb: from n/a through = 0.10...

CVE-2025-49983 WordPress WPThumb plugin <= 0.10 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in Joe Hoyle WPThumb wp-thumb allows Server Side Request Forgery.This issue affects WPThumb: from n/a through = 0.10...

CVE-2025-49983 WordPress WPThumb plugin <= 0.10 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in Joe Hoyle WPThumb allows Server Side Request Forgery. This issue affects WPThumb: from n/a through 0.10...

MetaCPAN Net::CIDR::Set 安全漏洞

MetaCPAN Net::CIDR::Set is a library from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Net::CIDR::Set versions 0.10 through 0.13 that stems from not properly handling leading zeros in IP CIDR address strings, which could lead to an access control bypass...

CVE-2021-21316

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...

WordPress plugin Personizely 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

com.github.zhkl0228:netguard (>=0.0.5 <=0.0.6), tech.kwik:flupke (>=0.5.4 <=0.6) +5 more potentially affected by CVE-2025-23020 via tech.kwik:kwik (=0.10)

tech.kwik:kwik MAVEN version =0.10 is affected by a known vulnerability. The following packages have a transitive dependency on tech.kwik:kwik and may be impacted: - com.github.zhkl0228:netguard =0.0.5, =0.5.4, =0.6 - tech.kwik:kwik-cli =0.10 - tech.kwik:kwik-h09 =0.10 - tech.kwik:kwik-interop...

CVE-2024-38523

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weakens its one-time nature. Specifically, the lack of 2FA for changing security settings allows attacker with CSRF or XSS primitives to...

dbs-arch (>=0.2.2 <=0.2.3), dbs-boot (>=0.3.0 <=0.4.0) +7 more potentially affected by unknown CVE via kvm-ioctls (>=0.10.0 <=0.18.0)

kvm-ioctls CARGO version =0.10.0, =0.2.2, =0.3.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.0.29, =0.2.0 Source cves: unknown CVE Source advisory: OSV:GHSA-3QX8-RV27-J6GP...