CVE-2026-44417

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

CVE-2026-44930

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

PT-2026-42754

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

CVE-2024-41942

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...

WordPress Houzez plugin <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Alex Thomas - Wordfence in WordPress Theme Houzez versions = 4.1.6...

CVE-2025-9163 Houzez <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload

The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping in the houzezpropertyimgupload and houzezpropertyattachmentupload functions. This makes it possib...

CVE-2025-9163

The CVE-2025-9163 entry concerns the WordPress Houzez theme vulnerable to Stored Cross-Site Scripting via SVG file uploads in versions up to 4.1.6. Root cause: insufficient input sanitization and output escaping in the functions houzez_property_img_upload() and houzez_property_attachment_upload()...

WordPress plugin Houzez 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

EUVD-2017-3066

Malware in sbrugna...

EUVD-2020-18830

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2023-23969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsin...

CVE-2024-12018

The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, wit...

CVE-2024-31281

Missing Authorization vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.6...

CVE-2024-6665 kbucket < 4.1.6 - Admin+ Stored XSS

The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

BIT-MASTODON-2024-34535

In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header...

CVE-2020-26205

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machinelist view...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.1 (>=3.0.0 <=3.1.0), com.instaclustr:cassandra-ldap-4.1.0 (=1.0.0) +20 more potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=4.1.0 <=4.1.6)

org.apache.cassandra:cassandra-all MAVEN version =4.1.0, =3.0.0, =4.1.0, =4.1.0, =4.1.0, =2.1.0-ALPHA-8, =0.13.0, =2.6.0, =2.10.0, =2.17.0 and more Source cves: CVE-2025-24860 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-8688121...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.1 (>=3.0.0 <=3.1.0), com.instaclustr:cassandra-ldap-4.1.0 (=1.0.0) +20 more potentially affected by CVE-2024-27137 via org.apache.cassandra:cassandra-all (>=4.1.0 <=4.1.6)

org.apache.cassandra:cassandra-all MAVEN version =4.1.0, =3.0.0, =4.1.0, =4.1.0, =4.1.0, =2.1.0-ALPHA-8, =0.13.0, =2.6.0, =2.10.0, =2.17.0 and more Source cves: CVE-2024-27137 Source advisory: OSV:GHSA-RGFX-7P65-3FF4...

CVE-2025-24562

Cross-Site Request Forgery CSRF vulnerability in Optimal Access KBucket kbucket allows Stored XSS.This issue affects KBucket: from n/a through = 4.1.6...