Astra Linux - уязвимость в ruby2.5

A issue was discovered in Ruby 3.x through 3.3.0. If data supplied by an attacker is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3....

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.4.tgz, dompurify-3.2.6.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540

Summary IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.4.tgz, dompurify-3.2.6.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-15599...

CVE-2026-7747

CVE-2026-7747 affects Totolink N300RH (firmware 3.2.4-B20220812). The vulnerability lies in the Parameter Handler’s file /cgi-bin/cstecgi.cgi, specifically the loginauth function where manipulating the Password argument can cause a buffer overflow. It is network-borne with no authentication requi...

WordPress Advanced Classifieds & Directory Pro plugin <= 3.2.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Advanced Classifieds & Directory Pro versions = 3.2.4...

sfx (=0.1.0) potentially affected by CVE-2026-34589 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34589 Source advisory: OSV:GHSA-P8XC-W3Q4-H64X...

sfx (=0.1.0) potentially affected by CVE-2026-34589 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34589 Source advisory: SNYK:PYTHON-OPENEXR-15993179...

sfx (=0.1.0) potentially affected by CVE-2026-34588 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34588 Source advisory: OSV:GHSA-588R-CR5C-W6HF...

sfx (=0.1.0) potentially affected by CVE-2026-34379 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34379 Source advisory: SNYK:PYTHON-OPENEXR-15993246...

openSUSE 16 Security Update : freeciv (openSUSE-SU-2026:20423-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20423-1 advisory. Changes in freeciv: - freeciv 3.2.4: CVE-2026-33250: Fix a vulnerability allowing remote crashing of the server boo1260036 SDL2 client: Fix crash on...

CVE-2026-32372

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through =...

freeciv-3.2.4-1.1 on GA media (moderate)

freeciv-3.2.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:10401-1 Rating: moderate Cross-References: CVE-2026-33250 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the freeciv-3.2.4-1.1...

CVE-2026-4314

The CVE concerns The Ultimate WordPress Toolkit – WP Extended plugin for WordPress (up to version 3.2.4). In the Menu Editor module, isDashboardOrProfileRequest() uses an insecure strpos() check against $_SERVER['REQUEST_URI'] to detect dashboard/profile requests. The grantVirtualCaps() function ...

PT-2026-26965

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $ SERVER'REQUEST URI' t...

OPENSUSE-SU-2026:10401-1 freeciv-3.2.4-1.1 on GA media

These are all security issues fixed in the freeciv-3.2.4-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-32372 WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 3.2.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through =...

CVE-2026-2466 DukaPress <= 3.2.4 - Reflected XSS

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2026-27367

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through 3.4.5...

CVE-2026-27367 WordPress Musico theme < 3.4.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through 3.4.5...

CVE-2026-27367 WordPress Musico theme < 3.4.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through 3.4.5...

PT-2026-23247

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through = 3.2.4...