CVE-2026-39821 affecting package git-lfs for versions less than 3.6.1-3

CVE-2026-39821 affecting package git-lfs for versions less than 3.6.1-3. A patched version of the package is available...

WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...

CVE-2026-3348

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

CVE-2026-3348

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

CVE-2026-3348

Summary: CVE-2026-3348 affects the MinhNhut Link Gateway WordPress plugin up to version 3.6.1. The issue is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping in plugin settings (Description, Title, and other fields). Exploitation requires authenticat...

CVE-2026-3349 MinhNhut Link Gateway <= 3.6.1 - Reflected Cross-Site Scripting via 'url' Parameter

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

PT-2026-43636

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...

Astra Linux - уязвимость в git-lfs

Git LFS is an extension of Git for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host’s URL to the git-credential1 command without checking for embedded line-ending control characters. It then sends any credentials it receives back...

JLSEC-2026-505

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operatorSass::BinaryExpression in eval.cpp...

CLEANSTART-2026-GH89210 Security fixes for CVE-2015-0886, CVE-2020-8908, CVE-2022-1471, CVE-2022-24823, CVE-2022-38752, CVE-2022-41854, CVE-2023-2976, CVE-2023-34462, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-47535, CVE-2024-6763, CVE-2024-8184, CVE-2024-9823, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-48734, CVE-2025-48924, CVE-2025-52999, CVE-2025-58057, CVE-2026-1225, CVE-2026-23901, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-9h6p-92jq-888x, ghsa-9w3m-gqgf-c4p9, ghsa-c4qc-4q9p-m9q9, ghsa-g8m5-722r-8whq, ghsa-gc5v-m9x4-r6x2, ghsa-h46c-h94j-95f3, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jc7h-c423-mpjc, ghsa-mf9v-mfxr-j63j, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-q4rv-gq96-w7c5, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-w37g-rhq8-7m4j, ghsa-wjpw-4j6x-6rwh, ghsa-wxr5-93ph-8wr9, ghsa-xq3w-v528-46rv applied in versions: 3.6.1-r0, 3.6.1-r1, 3.6.1-r2, 3.6.1-r3, 3.6.1-r4

Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

NiceGUI 3.6.1 - Path Traversal

Exploit Title: NiceGUI 3.6.1 - Path Traversal Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: NiceGUI = 3.6.1 Python 3.8–3.12 on Linux/Windows CVE: CVE-2026-25732 Affected Versions: = 3.6.1 fixed in 3.7.0 Type: Remote...

CVE-2026-42379

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1...

CVE-2026-42379 WordPress Templately plugin <= 3.6.1 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1...

WordPress Templately plugin <= 3.6.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Templately versions = 3.6.1...

PT-2026-35374

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1...

WordPress plugin Templately 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

CVE-2026-40922 SiYuan: Incomplete sanitization of bazaar README allows stored XSS via iframe srcdoc (incomplete fix for CVE-2026-33066)

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...

git-lfs security update

3.6.1-8 - Rebuild with new Golang...

CVE-2026-34605

SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as . The Go HTML5...