com.github.niupengyu.schedule:ahead-schedule-distributed (>=1.2.6-RELEASE <=1.2.8-RELEASE), com.github.niupengyu:ahead-frame-socket (>=1.2.1-RELEASE <=1.2.3-RELEASE) +40 more potentially affected by CVE-2026-42779 via org.apache.mina:mina-core (>=2.1.0 <=2.1.11)

org.apache.mina:mina-core MAVEN version =2.1.0, =1.2.6-RELEASE, =1.2.1-RELEASE, =2.2.1, =2.2.1, =3.0.0, =1.0.0, =3.0.11, =3.6.7, =3.6.7, =3.6.7, =3.6.10 and more Source cves: CVE-2026-42779 Source advisory: OSV:GHSA-VF5J-865M-MQ7C...

com.github.niupengyu.schedule:ahead-schedule-distributed (>=1.2.6-RELEASE <=1.2.8-RELEASE), com.github.niupengyu:ahead-frame-socket (>=1.2.1-RELEASE <=1.2.3-RELEASE) +40 more potentially affected by CVE-2026-42779 via org.apache.mina:mina-core (>=2.1.0 <=2.1.11)

org.apache.mina:mina-core MAVEN version =2.1.0, =1.2.6-RELEASE, =1.2.1-RELEASE, =2.2.1, =2.2.1, =3.0.0, =1.0.0, =3.0.11, =3.6.7, =3.6.7, =3.6.7, =3.6.10 and more Source cves: CVE-2026-42779 Source advisory: SNYK:JAVA-ORGAPACHEMINA-16354036...

com.github.niupengyu.schedule:ahead-schedule-distributed (>=1.2.6-RELEASE <=1.2.8-RELEASE), com.github.niupengyu:ahead-frame-socket (>=1.2.1-RELEASE <=1.2.3-RELEASE) +40 more potentially affected by CVE-2026-42778 via org.apache.mina:mina-core (>=2.1.0 <=2.1.11)

org.apache.mina:mina-core MAVEN version =2.1.0, =1.2.6-RELEASE, =1.2.1-RELEASE, =2.2.1, =2.2.1, =3.0.0, =1.0.0, =3.0.11, =3.6.7, =3.6.7, =3.6.7, =3.6.10 and more Source cves: CVE-2026-42778 Source advisory: SNYK:JAVA-ORGAPACHEMINA-16354035...

EUVD-2026-26493

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...

Apache MINA 代码问题漏洞

Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions of Apache MINA from 2.1.0 to 2.1.11, as well as in...

EUVD-2026-25809

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

CVE-2026-31873 Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

CVE-2026-31860 Unhead has a XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check

Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...

unhead 跨站脚本漏洞

unhead is a document header and template manager developed by UnJS. Versions of unhead prior to 2.1.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the link.href check being case-sensitive, which could allow attackers to inject arbitrary CSS for UI masking or da...

CVE-2026-2861

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to versi...

CVE-2026-2861

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to versi...

CVE-2026-2861 Foswiki Changes/Viewfile/Oops information disclosure

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to versi...

CVE-2026-2861

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to versi...

MiracleLinux 3 : mailman-2.1.11-3.4.AXS3 (AXSA:2011-74:01)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2011-74:01 advisory. Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing...

CVE-2025-60045

Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects IDonatePro: from n/a through = 2.1.11...

CVE-2025-60045 WordPress IDonatePro plugin <= 2.1.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects IDonatePro: from n/a through = 2.1.11...

EUVD-2025-204140

Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects IDonatePro: from n/a through = 2.1.11...

CVE-2025-60045

CVE-2025-60045 describes a Missing Authorization vulnerability in the WordPress plugin IDonatePro (IDonate-pro) affecting versions up to 2.1.11. The root cause is lack of proper authorization checks allowing access to functionality not constrained by ACLs, i.e., a broken access control issue. The...

PT-2025-52106

Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects IDonatePro: from n/a through = 2.1.11...

EUVD-2013-5058

Malware in sbrugna...