433 matches found
CLSA-2026-1778163112 Update of cups
Merge of the Amazon Linux 2 cups package cups-1.6.3-51.amzn2.0.9...
CLSA-2026-1778166697 Update of cups
Merge of the Amazon Linux 2 cups package cups-1.6.3-51.amzn2.0.9...
Astra Linux - vulnerability in libksba
Before version 1.6.3, Libksba was vulnerable to an integer overflow vulnerability in the CRL signature parser...
WordPress Featured Images in RSS for Mailchimp & More plugin <= 1.6.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Featured Images in RSS for Mailchimp & More versions <= 1.6.3...
WordPress Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI plugin <= 1.6.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Alt Manager versions <= 1.6.3...
InvoicePlane 1.6.3 Path Traversal
InvoicePlane versions 1.6.3 and below suffer from a path traversal vulnerability in the getfile method of the Guest module. CVE-2026-23491: InvoicePlane has Unauthenticated Path Traversal in Guest Controller. Overview: CVE ID: CVE-2026-23491; Severity: CRITICAL ...
JLSEC-2026-57
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser...
CVE-2026-34052
LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...
CVE-2026-34052
CVE-2026-34052 affects the LTI JupyterHub Authenticator used with JupyterHub. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds, with nonces added before signature validation. An attacker who knows a valid consumer key can send...
CVE-2026-34052
LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...
CVE-2026-34052 LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)
LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...
GHSA-8MXQ-7XR7-2FXJ LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)
Summary The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a...
LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)
Summary The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a...
PT-2026-30253
LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...
EUVD-2026-15520
Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection. This issue affects Melody: from n/a through <= 1.6.3...
CVE-2026-22510
Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection. This issue affects Melody: from n/a through <= 1.6.3...
CVE-2026-22510 WordPress Melody theme <= 1.6.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection. This issue affects Melody: from n/a through <= 1.6.3...
WordPress plugin Melody code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-27831
Name of the Vulnerable Software and Affected Versions AncoraThemes Melody versions n/a through 1.6.3 Description A flaw exists in the deserialization of untrusted data within AncoraThemes Melody melodyschool, potentially allowing for object injection. This issue could allow an attacker to inject...
WordPress plugin EmailKit path traversal vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...