PT-2026-46040
crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints
The crypton-x509-validation and crypton-x509 libraries did not enforce the X.509 Name Constraints extension during certificate validation. The Name Constraints extension is a critical X.509 extension that restricts the...
CVE-2026-7524 Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution
IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...
EUVD-2026-32494
IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...
IBM Langflow Path Traversal Vulnerability
IBM Langflow is a visual process orchestration tool developed by IBM Corporation. Versions 1.0.0 to 1.9.1 of IBM Langflow contain a path traversal vulnerability. This vulnerability arises from improper validation of symbolic links during archive extraction, which may lead to remote code execution...
CVE-2026-24554
Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...
CVE-2026-24554 WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...
CVE-2026-24554
Affected software: WordPress WPSubscription plugin (versions up to 1.9.1). Issue: Cross-Site Request Forgery (CSRF) vulnerability as described in CVE-2026-24554. CVSS v3.1 base score: 4.3 (Medium); attack vector NETWORK, attack complexity Low, privileges required None, user interaction Required, ...
EUVD-2026-31755
Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...
CVE-2026-24554 WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...
PT-2026-43138
Name of the Vulnerable Software and Affected Versions: WPSubscription versions prior to 1.9.2. Description: A Cross-Site Request Forgery (CSRF) flaw exists in the Convers Lab WPSubscription plugin. This issue allows an attacker to induce a victim to perform unintended actions on the web application by...
Security Bulletin: Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution
Summary: A path traversal vulnerability exists in multiple Langflow OSS file processing components (Docling, Docling Serve, Read File, NVIDIA Retriever Extraction, Video File, and Unstructured API) that are based on BaseFileComponent. The vulnerability in the unpackbundle function allows attackers t...
CLEANSTART-2026-TL04302 Security fixes for CVE-2025-61727, CVE-2025-61729, ghsa-cgrx-mc8f-2prm, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-vvgc-356p-c3xw applied in versions: 1.10.2-r0, 1.10.2-r1, 1.5.0-r0, 1.9.1-r0
Multiple security vulnerabilities affect the prometheus-node-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-OS08278 Security fixes for CVE-2025-61727, CVE-2025-61729, ghsa-cgrx-mc8f-2prm, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-vvgc-356p-c3xw applied in versions: 1.10.2-r0, 1.10.2-r1, 1.5.0-r0, 1.9.1-r0
Multiple security vulnerabilities affect the prometheus-node-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
OESA-2026-2309 kata-containers-go security update
This is a core component of Kata Container; to make it work, you need an isulad/docker engine. Security Fixes: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations i...
Linux Distros Unpatched Vulnerability : CVE-2026-43826
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The OpenSearch logging provider, when configured with a host URL that embeds credentials (for example https://user:[email protected]:9200), wrote the fu...
GHSA-XCCP-97WP-3GJG Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL
The OpenSearch logging provider, when configured with a host URL that embeds credentials (for example https://user:[email protected]:9200), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL
The OpenSearch logging provider, when configured with a host URL that embeds credentials (for example https://user:[email protected]:9200), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
PYSEC-2026-23
The OpenSearch logging provider, when configured with a host URL that embeds credentials (for example https://user:[email protected]:9200), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
UBUNTU-CVE-2026-43826
The OpenSearch logging provider, when configured with a host URL that embeds credentials (for example https://user:[email protected]:9200), wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-43826
The CVE-2026-43826 affects the OpenSearch logging provider used with Apache Airflow providers-opensearch. When the host URL includes embedded credentials (for example https://user:password@server:9200), the provider writes the full host URL, including credentials, to task logs. This allows any us...