PT-2026-45697

CVE-2026-47187, CVE-2026-48711: sshfs = 3.7.5 symlink escape local file read/write and ssh argument injection local command execution https://t.co/CDODWFAiSy Fixed in 3.7.6...

EUVD-2026-23306

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...

CLEANSTART-2026-LS30652 Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.11-r0, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0, 3.7.9-r1, 3.7.9-r2, 4.0.2-r0

Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

River Past Cam Do 代码问题漏洞

River Past Cam Do is a multimedia tool software for screen recording and video capture, developed by FlexHEX. Version 3.7.6 of River Past Cam Do contains a code vulnerability. This vulnerability stems from a local buffer overflow in the activation code input field, which could allow local attacke...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000823)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000823 advisory. The msropen function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted...

EUVD-2022-5647

Malicious code in bioql PyPI...

CVE-2023-22380

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

AZL-59338 CVE-2024-48615 affecting package cmake for versions less than 3.21.4-17

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function headerpaxextension at rchivereadsupportformattar.c:1844:8...

CVE-2024-44314

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the indexonUpdateStatus function within Orders.php, which fails to verify if the user has permission to modify an order'...

CVE-2024-44313

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks...

CVE-2024-44313

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks...

CVE-2024-44313

Summary: CVE-2024-44313 affects TastyIgniter 3.7.6. An Incorrect Access Control flaw in the invoice() function of Orders.php allows unauthorized users to access and generate invoices due to missing permission checks. What’s affected: TastyIgniter 3.7.6; vulnerable component: app/admin/controllers...

TastyIgniter 安全漏洞

TastyIgniter is an online ordering software from TastyIgniter open source. A security vulnerability exists in TastyIgniter version 3.7.6, which stems from improper access control of the indexonUpdateStatus function in the Orders Management System, which could result in an unauthorized user updati...

CVE-2024-44314

TastyIgniter 3.7.6 contains an Incorrect Access Control in the Orders Management System. The vulnerability resides in Orders.php: index_onUpdateStatus(), which fails to verify a user’s permission before updating an order’s status. This allows unauthorized users to remotely modify orders (I:H, P:L...

CVE-2024-37358

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate...

GHSA-56JP-W6VW-J3JW Apache James vulnerable to denial of service through the use of IMAP literals

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate...

CVE-2024-37358

Technical details about CVE-2024-37358 (affected software, impact, and fixes) are not provided in the connected documents. Monitor for updates.

CVE-2024-37358 Apache James: denial of service through the use of IMAP literals

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate...

WordPress Plugin Ultimate Dashboard 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

GitHub Enterprise Server 路径遍历漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server version before 3.7.6 has a security vulnerability , the...