1737 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000160)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000160 advisory. An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000162)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000162 advisory. The % debug % template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS...
PT-2025-54318
Name of the Vulnerable Software and Affected Versions Webvitaly Extra Shortcodes versions through 2.2 Description The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting XSS issue. This allows for the injection of...
CVE-2025-63948
A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation...
Next level Kotlin support in Spring Boot 4
Following the announcement of the strategic partnership between JetBrains and Spring in May, I would like to share a global update on various Kotlin-related features and documentation enhancements we have made recently, with the goal of making Spring Boot 4 the best framework to develop backend...
CVE-2025-14050
The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-14050
CVE-2025-14050 : The WordPress plugin “Design Import/Export – Styles, Templates, Template Parts and Patterns” is affected by an SQL Injection via XML File Import in all versions up to 2.2. The root cause is insufficient escaping of the user-supplied parameter and a poorly prepared SQL query, enab...
WordPress plugin Design Import/Export SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...
@4kda/vuetify-cifrum-components (>=0.0.5 <=0.0.51), @4kda/vuetify-cifrum-icons (>=0.0.13 <=0.0.15) +1183 more potentially affected by CVE-2025-8083 via vuetify (>=2.2.0 <=2.7.2)
vuetify NPM version =2.2.0, =0.0.5, =0.0.13, =0.0.13, =0.0.13, =1.0.8, =0.1.0, =0.0.1, =0.3.0, =2.0.5, =0.0.5, =0.1.0, =0.1.3, =0.1.22 and more Source cves: CVE-2025-8083 Source advisory: SNYK:JS-VUETIFY-14412764...
CVE-2025-36140
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
CVE-2025-36140 IBM watsonx.data Denial of Service
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
PT-2025-49602
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
PT-2025-47522
Name of the Vulnerable Software and Affected Versions FileCodeBox versions prior to 2.3 Description A stored cross-site scripting XSS issue exists in the text sharing feature. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". This...
FileCodeBox 安全漏洞
FileCodeBox is a file courier locker for vastsa personal developers. Files can be shared with an anonymous password. A security vulnerability exists in FileCodeBox 2.2 and earlier versions, which stems from path traversal and could lead to arbitrary file writes...
CVE-2025-51662
A stored cross-site scripting XSS vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss payload is automatically executed in the browsers o...
CVE-2025-11821 Woocommerce – Products By Custom Tax <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Woocommerce – Products By Custom Tax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooproductscustomtax' shortcode in all versions up to, and including, 2.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
PT-2025-46251
Name of the Vulnerable Software and Affected Versions Woocommerce – Products By Custom Tax plugin for WordPress versions up to and including 2.2 Description The Woocommerce – Products By Custom Tax plugin for WordPress has a Stored Cross-Site Scripting issue related to the woo products custom tax...
WordPress Woocommerce – Products By Custom Tax plugin <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Woocommerce – Products By Custom Tax versions = 2.2...
Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.24.0 Release.
Red Hat OpenShift Dev Spaces 3.24.0 has been released. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.24 release is based on...
EUVD-2001-1538
Malware in sbrugna...