OPENSUSE-SU-2026:10901-1 rqlite-10.1.0-2.1 on GA media

These are all security issues fixed in the rqlite-10.1.0-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10847-1 rqlite-10.1.0-1.1 on GA media

These are all security issues fixed in the rqlite-10.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

Information Disclosure in Confluence Data Center

This High severity Information Disclosure vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

EUVD-2026-21053

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

Lavalite CMS 安全漏洞

Lavalite CMS is an open-source content management system based on PHP. Version 10.1.0 of Lavalite CMS has a security vulnerability caused by improper access control, which may allow low-privilege users to directly access the administration backend...

EVE Seals Vault Key With SHA1 PCRs

Impact The vault key is sealed using SHA1 PCRs instead of SHA256 PCRs Thus an attacker with physical access to an EVE-OS device can try to brute force creating a kernel or rootfs image which produces the same SHA1 PCR but with malicious content. Patches Fixed in 9.4.3-lts and 10.1.0 Workarounds N...

LavaLite cross-site scripting vulnerabilities

LavaLite is a lightweight content management system developed under the Lavalite open source project. Versions of LavaLite 10.1.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improperly encoded HTML or JavaScript stored in the package creation and...

Improper Authorization Third-Party Dependency in Confluence Data Center and Server - CVE-2025-41248

This High severity vulnerability known as CVE-2025-41248 was introduced in 10.1.0 of Confluence Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Atlassian recommends that Confluence Data Center and Server custome...

EUVD-2017-1268

Malware in sbrugna...

EUVD-2018-9199

Malware in sbrugna...

EUVD-2020-9326

Malware in sbrugna...

EUVD-2025-2918

Malicious code in bioql PyPI...

EUVD-2022-32408

Malicious code in bioql PyPI...

EUVD-2025-24574

Malicious code in bioql PyPI...

WordPress WP Recipe Maker plugin < 10.1.0 - Content Injection vulnerability

Content Injection vulnerability discovered by Najib Sinjari in WordPress Plugin WP Recipe Maker versions 10.1.0...

CVE-2025-59546

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched ...

CVE-2025-59539

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the websit...

CVE-2025-59548

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in...