168 matches found
Astra Linux - vulnerability in python-django
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with appropriately crafted file names...
CLEANSTART-2026-FF20499 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0
Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-JW58725 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2x5j-vhc8-9cwm, ghsa-2xsj-vh29-9cwm, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r, ghsa-r6j8-c6r2-37rr applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.0.22-r0, 3.0.23-r0, 3.0.23-r1, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4
Multiple security vulnerabilities affect the argo-cd package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-15524
CVE-2025-15524 affects the WordPress plugin Gallery by FooGallery (versions up to and including 3.1.9). A missing capability check in ajax_get_gallery_info() allows authenticated users with Subscriber-level access and above to enumerate gallery IDs and retrieve private/draft/password-protected ga...
CVE-2021-47794
ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a...
MiracleLinux 9 : corosync-3.1.9-2.el9_6 (AXSA:2025-10298:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10298:01 advisory. corosync: Stack buffer overflow from 'orf_token_endian_convert' CVE-2025-30472 Tenable has extracted the preceding description block directly from the...
CVE-2023-25992
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions...
CVE-2025-12383
In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...
Eclipse Jersey race condition vulnerability
Eclipse Jersey is a Java Web services development framework from the Eclipse Foundation. A race condition vulnerability exists in Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9, which stems from a race condition that could lead to the omission of critical SSL configurations,...
WordPress AI Engine plugin <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization vulnerability
Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions <= 3.1.8...
WordPress Rey Core plugin <= 3.1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Rey Core versions <= 3.1.8...
WordPress Graphina plugin <= 3.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Widgets vulnerability discovered by Webbernaut in WordPress Plugin Graphina versions <= 3.1.8...
PT-2025-45097
Name of the Vulnerable Software and Affected Versions: Graphina – Elementor Charts and Graphs plugin for WordPress versions through 3.1.8. Description: The Graphina – Elementor Charts and Graphs plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple chart widgets. This i...
EUVD-2023-50393
Malicious code in bioql PyPI...
EUVD-2024-23224
Malicious code in bioql PyPI...
EUVD-2023-29879
Malicious code in bioql PyPI...
EUVD-2023-27917
Malicious code in bioql PyPI...
EUVD-2022-7603
Malicious code in bioql PyPI...
EUVD-2022-7735
Malicious code in bioql PyPI...
EUVD-2025-31085
Malicious code in bioql PyPI...