
67 matches found

RedHat Linux
added 2026/05/12 5:34 a.m. | 6 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: caddy: caddy-2.11.3-0.1.hum1 aarch64, x86_64 caddy-2.11.3-0.1.hum1.src src...

9.8 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/04/08 9:31 a.m. | 3 views

EUVD-2026-20329

Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Member: from n/a through <= 2.11.3...

5.9 AI score | 0.00037 EPSS
Exploits: 0 | References: 2
NVD
added 2026/04/08 9:16 a.m. | 3 views

CVE-2026-39659

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00037 EPSS
Exploits: 0
Cvelist
added 2026/04/08 8:30 a.m. | 18 views

CVE-2026-39659

...

0.00037 EPSS
Exploits: 0
ATTACKERKB
added 2026/04/08 8:30 a.m. | 4 views

CVE-2026-39659

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.3 CVSS | 5.7 AI score | 0.00037 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/08 12:0 a.m. | 3 views

PT-2026-31222

Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Member: from n/a through <= 2.11.3...

5.3 CVSS | 5.9 AI score | 0.00037 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/04/08 12:0 a.m. | 4 views

WordPress plugin Ultimate Member Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.8 AI score | 0.00037 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/13 12:0 a.m. | 4 views

MiracleLinux 9 : python-jinja2-2.11.3-8.el9_5 (AXSA:2025-9829:04)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9829:04 advisory. jinja2: Jinja sandbox breakout through attr filter selecting format method CVE-2025-27516 Tenable has extracted the preceding description block directly from...

8.8 CVSS | 7.5 AI score | 0.00121 EPSS
Exploits: 0 | References: 2
Metasploit
added 2025/11/27 6:57 p.m. | 428 views

Monsta FTP downloadFile Remote Code Execution

This module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions use exploit/multi/http/monstaftpdownloadfilerce msf exploitmonstaftpdownloadfilerce show targets ...targets... msf exploitmonstaftpdownloadfilerce set TARGET msf exploitmonstaftpdownloadfilerce sho...

9.8 CVSS | 7.8 AI score | 0.7411 EPSS
Exploits: 6
Tenable Nessus
added 2025/11/20 12:0 a.m. | 3 views

TencentOS Server 4: harbor (TSSA-2025:0614)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0614 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

4.1 CVSS | 5.6 AI score | 0.0016 EPSS
Exploits: 0 | References: 2
CVE
added 2025/07/23 8:38 p.m. | 15 views

CVE-2025-32019

Harbor (the open source cloud-native registry) contains a stored XSS vulnerability in the markdown field of the info tab. Affected versions are 2.11.2 and earlier, and 2.12.0-rc1 and 2.13.0-rc1. The issue is fixed in Harbor 2.11.3 and 2.12.3. Existence and details are supported by multiple source...

4.1 CVSS | 5.5 AI score | 0.0016 EPSS
Exploits: 0 | References: 4
CNNVD
added 2025/07/04 12:0 a.m. | 1 views

Cockpit Code Injection Vulnerability

Cockpit is an interactive server management interface for Cockpit open source. A code injection vulnerability exists in Cockpit 2.11.3 and earlier versions, which stems from a cross-site scripting attack due to incorrect manipulation of the parameters name/email in the file /system/users/save...

6.1 CVSS | 4.5 AI score | 0.00203 EPSS
Exploits: 1 | References: 5
RedhatCVE
added 2025/05/23 10:3 a.m. | 3 views

CVE-2024-29802

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.11.3...

6.5 CVSS | 5.2 AI score | 0.00197 EPSS
Exploits: 0 | References: 1
Debian
added 2025/04/30 9:58 p.m. | 51 views

[SECURITY] [DLA 4126-2] jinja2 regression update

Debian LTS Advisory DLA-4126-2 https://www.debian.org/lts/security/ Lucas Kanashiro April 30, 2025 https://wiki.debian.org/LTS ...

8.8 CVSS | 7.6 AI score | 0.00121 EPSS
Exploits: 0
OSV
added 2024/10/13 7:12 p.m. | 16 views

BIT-MLFLOW-2024-2928 Local File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow

A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...

7.5 CVSS | 7.4 AI score | 0.9165 EPSS
Exploits: 2 | References: 3
CNNVD
added 2024/07/25 12:0 a.m. | 4 views

VMware Spring Cloud Data Flow Security Vulnerability

VMware Spring Cloud Data Flow is a codebase for streaming and batch data processing in microservices from VMware, Inc. A security vulnerability exists in VMware Spring Cloud Data Flow versions 2.11.0 through 2.11.3, which originates from a malicious user with privileged access to the server's API...

9.8 CVSS | 6.6 AI score | 0.83304 EPSS
Exploits: 4 | References: 2
CNNVD
added 2024/07/24 12:0 a.m. | 1 views

Argo CD Security Vulnerability

Argo CD is a declarative GitOps continuous delivery tool for Kubernetes open-sourced by the Argo Project. A security vulnerability exists in Argo CD versions 2.6.0 through 2.11.3, which stems from a web terminal that allows a user to obtain a shell inside a running Pod. When an administrator...

6.5 CVSS | 4.7 AI score | 0.00105 EPSS
Exploits: 1 | References: 6
CNNVD
added 2024/07/04 12:0 a.m. | 2 views

Nginx Proxy Manager Security Vulnerability

Nginx Proxy Manager is a Docker container for Nginx Proxy Manager open source. It is used to manage Nginx proxy hosts through a simple and powerful interface. A security vulnerability exists in Nginx Proxy Manager versions prior to 2.11.3, which stems from a vulnerability that allows authenticate...

8.8 CVSS | 6.8 AI score | 0.01334 EPSS
Exploits: 0 | References: 4
OSV
added 2024/06/08 7:16 a.m. | 10 views

BIT-ARGO-CD-2024-36106 Argo CD allows authenticated users to enumerate clusters by name

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. Thi...

4.3 CVSS | 4.2 AI score | 0.0064 EPSS
Exploits: 0 | References: 3
Github Security Blog
added 2024/06/06 9:30 p.m. | 25 views

Local File Inclusion in mlflow

A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...

7.5 CVSS | 7.5 AI score | 0.9165 EPSS
Exploits: 2 | References: 5 | Affected Software: 1