27 matches found

RedHat Linux
added 2026/05/04 5:19 p.m. · 3 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.15.2 security update

Red Hat Advanced Cluster Management for Kubernetes 2.15 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.15 images Red Hat Advanced Cluster Management for Kubernetes provides...

CVSS 9.8 · AI score 7.1 · EPSS 0.00152
Exploits 10 · References 13

Snyk
added 2026/03/23 8:25 p.m. · 3 views

Active Debug Code

Overview: putyourlightson/craft-sprig is a reactive Twig component framework for Craft. Affected versions of this package are vulnerable to Active Debug Code in the Sprig Playground component. An administrator can access sensitive information, such as security keys, credentials, and configurati...

CVSS 7 · AI score 5.8 · EPSS 0.00042
Exploits 0 · References 2

OSV
added 2026/03/23 8:25 p.m. · 2 views

GHSA-M59H-42JF-CPHR Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground

Admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other sensitive configuration data, in addition to running the hashData signing function. This issue was mitigated in versions 3.7.2 and 2.15.2 by disabling...

CVSS 5.5 · AI score 5.9 · EPSS 0.00042
Exploits 0 · References 5

vulnersOsv
added 2026/02/09 7:56 p.m. · 1 views

3lc (>=2.19.0 <=2.21.3), litestar-htmx (>=0.1.0 <=0.3.0) +2 more potentially affected by CVE-2026-25480 via litestar (>=2.0.0b2 <=2.15.2)

litestar PYPI version =2.0.0b2, =2.19.0, =0.1.0, =0.2.0, =0.3.14, =0.3.35 Source cves: CVE-2026-25480 Source advisory: SNYK:PYTHON-LITESTAR-15253019...

CVSS 6.5 · AI score 5.8 · EPSS 0.00021
Exploits 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-0835

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.8 · EPSS 0.00137
Exploits 0 · References 4

CNNVD
added 2025/08/04 12:0 a.m. · 2 views

DotWallet App Security Vulnerability

DotWallet App is a digital asset wallet application from China-based DotWallet. A security vulnerability exists in DotWallet App version 2.15.2, which stems from improper export of AndroidManifest.xml...

CVSS 5.3 · AI score 5.5 · EPSS 0.00054
Exploits 0 · References 5

CNNVD
added 2025/05/31 12:0 a.m. · 2 views

WordPress plugin Offsprout Page Builder Authorization Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. An authorization issue...

CVSS 8.8 · AI score 7.9 · EPSS 0.00331
Exploits 0 · References 6

CNNVD
added 2024/10/11 12:0 a.m. · 2 views

WordPress plugin Bit Form Input Validation Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...

CVSS 4.9 · AI score 6.7 · EPSS 0.00654
Exploits 0 · References 5

CNNVD
added 2024/05/02 12:0 a.m. · 1 views

WordPress plugin Shortcodes and extra features for Phlox theme Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 7.5 · AI score 6.6 · EPSS 0.00822
Exploits 0 · References 3

OSV
added 2024/03/06 8:11 p.m. · 21 views

GHSA-5PF6-2QWX-PXM2 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

Impact What kind of vulnerability is it? Who is impacted? Using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. The relevant code is here also inline, emphasis added: if p.Client == n...

CVSS 7.5 · AI score 7 · EPSS 0.00137
Exploits 0 · References 4

CNNVD
added 2024/03/06 12:0 a.m. · 3 views

Go SDK for CloudEvents Security Vulnerability

Go SDK for CloudEvents is an official CloudEvents SDK open sourced by CloudEvents. A security vulnerability exists in Go SDK for CloudEvents versions prior to 2.15.2, which stems from the presence of a credential leak...

CVSS 7.5 · AI score 6.7 · EPSS 0.00137
Exploits 0 · References 4

Positive Technologies
added 2024/03/06 12:0 a.m. · 2 views

PT-2024-2218

Name of the Vulnerable Software and Affected Versions Go SDK for CloudEvents versions prior to 2.15.2 Description The issue is related to the cloudevents.WithRoundTripper function in the Go SDK for CloudEvents, which causes the SDK to leak credentials to arbitrary endpoints when used with an...

CVSS 7.8 · AI score 7.1 · EPSS 0.00137
Exploits 0 · References 12

OSV
added 2023/10/22 9:36 p.m. · 0 views

GHSA-9X43-5QCQ-H79Q Django Grappelli Open Redirect vulnerability

views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack...

CVSS 6.1 · AI score 6.4 · EPSS 0.0018
Exploits 1 · References 7

Prion
added 2023/10/22 7:15 p.m. · 13 views

Xxe

views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack...

CVSS 5.8 · AI score 6.1 · EPSS 0.0018
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2023/10/22 12:0 a.m. · 2 views

PT-2023-12618 · Unknown · Django-Grappelli

Name of the Vulnerable Software and Affected Versions: django-grappelli versions prior to 2.15.2 Description: The issue arises from the views/switch.py file in django-grappelli, which attempts to prevent external redirection by checking if a URL starts with /. However, this approach does not...

CVSS 6.1 · AI score 6.1 · EPSS 0.0018
Exploits 1 · References 19

CVE
added 2023/06/14 12:0 a.m. · 1212 views

CVE-2023-35116

CVE-2023-35116 : IBM/IBM X-Force bulletin confirms a vulnerability in FasterXML jackson-databind (affected up to 2.15.2) where a crafted object with cyclic dependencies could cause denial of service or other unspecified impact during serialization. The vendor notes this report as not a valid vuln...

CVSS 4.7 · AI score 5.5 · EPSS 0.00016
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/06/14 12:0 a.m. · 1 views

FasterXML jackson-databind Code Issue Vulnerability

FasterXML jackson-databind is a Java library from FasterXML for converting between Java objects and data formats such as XML and JSON. Jackson can easily convert Java objects into JSON objects and XML documents, and likewise convert JSON and XML into Java...

CVSS 4.7 · AI score 6.5 · EPSS 0.00016
Exploits 0 · References 5

OSV
added 2023/05/16 4:15 p.m. · 0 views

CVE-2023-32981

An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content...

CVSS 8.8 · AI score 7.4
Exploits 0 · References 1

Cvelist
added 2022/12/08 12:0 a.m. · 15 views

CVE-2022-46792

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions before 2.10.0 are unaffected...

AI score 8.9 · EPSS 0.00543
Exploits 0 · References 3

PyPA
added 2022/01/18 6:15 p.m. · 5 views

PYSEC-2022-13

Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that ...

CVSS 4.3 · AI score 6.7 · EPSS 0.00231
Exploits 0 · References 3 · Affected Software 1