
48 matches found

Tenable Product Security Advisories
added 2026/05/21 8:0 p.m., 5 views

[R1] Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities

[R1] Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities. Jason Schavel, Thu, 05/21/2026 - 16:00. Sensor Proxy leverages third-party software to help provide underlying functionality. Several of the third-party components (openresty, openresty - nginx) were found to contain vulnerabilities, and...

AI score 5.8
Exploits 0

OSV
added 2026/04/01 9:19 a.m., 2 views

CLEANSTART-2026-VD70282 Security fixes for CVE-2025-11065, CVE-2025-15558, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-p436-gjf2-799p applied in versions: 1.27.1-r0, 1.27.7-r1

Multiple security vulnerabilities affect the istio package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.1, AI score 6.8, EPSS 0.00023
Exploits 1, References 9

OSV
added 2026/02/17 12:0 a.m., 2 views

OPENSUSE-SU-2026:10214-1 mupdf-1.27.1-1.1 on GA media

These are all security issues fixed in the mupdf-1.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 5.8, EPSS 0.00066
Exploits 1, References 2

RedhatCVE
added 2026/01/09 12:38 p.m., 3 views

CVE-2023-29857

An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link...

CVSS 5.3, AI score 6.3, EPSS 0.0022
Exploits 0, References 1

RedhatCVE
added 2025/12/19 7:9 p.m., 3 views

CVE-2025-59949

FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via <track src>. Version 1.27.1 patches the issue...

CVSS 6.5, AI score 6.8, EPSS 0.00054
Exploits 1, References 1

NVD
added 2025/12/18 7:16 p.m., 3 views

CVE-2025-59949

FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via <track src>. Version 1.27.1 patches the issue...

CVSS 6.5, EPSS 0.00054
Exploits 1, References 4

OSV
added 2025/12/18 6:31 p.m., 3 views

CVE-2025-59949 FreshRSS has Logout CSRF that Leads to DoS via <track src>

FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via <track src>. Version 1.27.1 patches the issue...

CVSS 5.3, AI score 6.7, EPSS 0.00054
Exploits 1, References 6

Cvelist
added 2025/12/18 6:31 p.m., 21 views

CVE-2025-59949 FreshRSS has Logout CSRF that Leads to DoS via <track src>

FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via <track src>. Version 1.27.1 patches the issue...

CVSS 5.3, EPSS 0.00054
Exploits 1, References 4

CNNVD
added 2025/12/18 12:0 a.m., 2 views

FreshRSS Security Vulnerability

FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. A security vulnerability exists in FreshRSS versions prior to 1.27.1, which stems from a cross-site request forgery vulnerability in the logout feature that could lead to a denial of service attack...

CVSS 6.5, AI score 6.5, EPSS 0.00054
Exploits 1, References 4

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52281

FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via <track src>. Version 1.27.1 patches the issue...

CVSS 5.3, AI score 6.7, EPSS 0.00054
Exploits 1, References 5

RedhatCVE
added 2025/12/16 11:55 p.m., 3 views

CVE-2025-58173

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...

CVSS 8.8, AI score 7.3, EPSS 0.00157
Exploits 1, References 1

NVD
added 2025/12/16 12:16 a.m., 5 views

CVE-2025-58173

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...

CVSS 8.8, EPSS 0.00157
Exploits 1, References 7

CVE
added 2025/12/15 11:7 p.m., 8 views

CVE-2025-58173

FreshRSS (self-hosted RSS aggregator) is affected by a path traversal in the language configuration parameter that existed in versions 1.23.0–1.27.0. An unprivileged user could call install.php and perform administrative actions, including logging in as admin, creating a new admin user, or config...

CVSS 8.8, AI score 6.9, EPSS 0.00157
Exploits 1, References 7, Affected Software 1

Positive Technologies
added 2025/12/15 12:0 a.m., 2 views

PT-2025-51321

Name of the Vulnerable Software and Affected Versions: FreshRSS versions 1.23.0 through 1.27.0. Description: FreshRSS is a self-hosted RSS feed aggregator. Versions 1.23.0 through 1.27.0 contain a path traversal issue within the language user configuration parameter. This allows an unprivileged user...

CVSS 8.7, AI score 6.9, EPSS 0.00157
Exploits 1, References 11

NVD
added 2025/12/05 5:16 p.m., 2 views

CVE-2025-65036

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1...

CVSS 8.3, EPSS 0.00822
Exploits 0, References 1

OSV
added 2025/12/05 4:10 p.m., 2 views

CVE-2025-65036 XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1...

CVSS 8.3, AI score 8, EPSS 0.00822
Exploits 0, References 3

EUVD
added 2025/12/05 4:10 p.m., 2 views

EUVD-2025-201417

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1...

CVSS 8.3, AI score 7.5, EPSS 0.00822
Exploits 0, References 1

Cvelist
added 2025/12/05 4:10 p.m., 14 views

CVE-2025-65036 XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1...

CVSS 8.3, EPSS 0.00822
Exploits 0, References 1

Vulnrichment
added 2025/12/05 4:10 p.m., 1 view

CVE-2025-65036 XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1...

CVSS 8.3, AI score 7.7, EPSS 0.00822
Exploits 0, References 1

Positive Technologies
added 2025/12/05 12:0 a.m., 3 views

PT-2025-49257

Name of the Vulnerable Software and Affected Versions: XWiki Remote Macros versions prior to 1.27.1. Description: XWiki Remote Macros includes XWiki rendering macros designed for content migration from Confluence. Versions of the software prior to 1.27.1 execute Velocity code from details pages...

CVSS 8.3, AI score 7.8, EPSS 0.00822
Exploits 0, References 4