22 matches found
CLEANSTART-2026-WO11084 Security fixes for CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-35204, CVE-2026-35205, ghsa-mh2q-q3fh-2475 applied in versions: 2.10.11-r0, 2.13.4-r0
Multiple security vulnerabilities affect the kumactl package. These issues are resolved in later releases. See references for individual vulnerability details...
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules vulnerability discovered by ? in WordPress Npm nitropack versions 2.13.4...
CLEANSTART-2026-FB05615 Security fixes for CVE-2025-15558, CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2026-27141, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x, ghsa-p436-gjf2-799p applied in versions: 2.13.4-r0, 2.13.4-r1, 2.13.4-r2
Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-31891
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...
Linux Distros Unpatched Vulnerability : CVE-2026-31891
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a...
GHSA-7X5C-VFHJ-9628 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()
Impact: This is a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected. Who is impacted: - Any deployment where the /api/content/aggregate/model endpoint is publicly accessible...
CVE-2026-23976
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS. This issue affects Modula Image Gallery: from n/a through <= 2.13.4...
CVE-2026-23976 WordPress Modula Image Gallery plugin <= 2.13.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS. This issue affects Modula Image Gallery: from n/a through <= 2.13.4...
WordPress Image Gallery – Photo Grid & Video Gallery plugin <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification vulnerability
Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification vulnerability discovered by WordFence in WordPress Plugin Modula Image Gallery versions <= 2.13.3...
CVE-2024-11291
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...
PT-2024-16886 · WordPress · Paid Membership Subscriptions
Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.13.4 Description: The vulnerability allows unauthenticated attackers to extract sensitive...
joplin (>=2.10.1 <=2.13.2) potentially affected by CVE-2024-53268 via @joplin/lib (>=2.10.2 <=2.13.4)
@joplin/lib NPM version =2.10.2, =2.10.1, =2.13.2 Source cves: CVE-2024-53268 Source advisory: SNYK:JS-JOPLINLIB-15048153...
CVE-2024-7782
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it...
WordPress Bit Form – Contact Form Plugin Plugin <= 2.12.3 is vulnerable to Arbitrary File Upload
Software: Bit Form – Contact Form Plugin; Type: Plugin; Vulnerable versions: <= 2.12.3; Fixed in: 2.13.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6123; Patch priority: Low; CVSS severity: Low 9.1; PSID: 569eb657724e; Credits: István Márton; Required...
CVE-2024-28231
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminate...
Security Bulletin: There is a vulnerability in jackson-core-2.13.4.jar used by IBM Maximo Asset Management application (IBM X-Force ID: 256137)
Summary There is a vulnerability in jackson-core-2.13.4.jar used by IBM Maximo Asset Management application. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the StreamReadConstraints valu...
Security Bulletin: There is a vulnerability in jackson-core-2.13.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (IBM X-Force ID: 256137)
Summary There is a vulnerability in jackson-core-2.13.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the...
UBUNTU-CVE-2022-42004
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...
FasterXML jackson-databind Code Issue Vulnerability
FasterXML jackson-databind is a Java-based library from FasterXML that converts between Java objects and data formats such as XML and JSON. Jackson can easily convert Java objects into JSON objects and XML documents, and can likewise convert JSON and XML into Java objects. FasterXML jackson-databind...