
79 matches found

vulnersOsv
added 2026/03/24 3:31 a.m., 3 views

com.mayhoo:config-server (=3.0.2), com.okta.spring.examples:okta-spring-boot-cloud-config-example (>=3.0.3 <=3.0.8) +9 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.1.7)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =3.0.3, =0.5, =0.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =4.0.0, =3.0.0, =3.1.6 Source cves: CVE-2026-22739 Source advisory: OSV:GHSA-3QWQ-Q9VM-5J42...

CVSS 8.6, AI score 5.8, EPSS 0.09681
Exploits: 0

Cvelist
added 2026/03/04 6:26 a.m., 25 views

CVE-2026-2732 Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace

The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...

CVSS 5.4, EPSS 0.00057
Exploits: 0, References: 5

Vulnrichment
added 2026/03/04 6:26 a.m., 2 views

CVE-2026-2732 Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace

The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...

CVSS 5.4, AI score 5.9, EPSS 0.00057
Exploits: 0, References: 5

Patchstack
added 2026/02/16 6:58 p.m., 4 views

WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery vulnerability

Authenticated Author+ Server-Side Request Forgery vulnerability discovered by Nex Team in WordPress Plugin Auto Featured Image Auto Post Thumbnail versions = 4.1.7...

CVSS 6.4, AI score 5.5, EPSS 0.00243
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2026/01/07 12:0 a.m., 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000165)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000165 advisory. An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs e.g., an excessi...

CVSS 7.5, AI score 6.4, EPSS 0.19669
Exploits: 0, References: 4

Cvelist
added 2025/10/28 5:27 a.m., 2 views

CVE-2025-10145

...

EPSS 0.00042
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-15340

Malicious code in bioql PyPI...

CVSS 4.8, AI score 6.4, EPSS 0.00267
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-28413

Malicious code in bioql PyPI...

CVSS 4.3, AI score 8.6, EPSS 0.00162
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-33677

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.5, EPSS 0.00175
Exploits: 1, References: 3

NVD
added 2025/09/26 9:15 a.m., 1 view

CVE-2025-60121

Missing Authorization vulnerability in Ex-Themes WooEvents woo-events allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooEvents: from n/a through = 4.1.7...

CVSS 5.3, EPSS 0.00042
Exploits: 0, References: 1

CVE
added 2025/09/26 8:31 a.m., 8 views

CVE-2025-60121

CVE-2025-60121 refers to a Missing Authorization vulnerability in WooEvents (WooCommerce WordPress plugin) affecting versions up to 4.1.7. The Wordfence entry notes the issue with a CVSS v3.1 base score of 5.3 (Medium) and no patch is indicated as available in the provided documents. Exploitation...

CVSS 5.3, AI score 5.9, EPSS 0.00042
Exploits: 0, References: 1

CNNVD
added 2025/09/26 12:0 a.m., 1 view

WordPress plugin WooEvents security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 5.3, AI score 6.4, EPSS 0.00042
Exploits: 0, References: 2

Positive Technologies
added 2025/09/26 12:0 a.m., 3 views

PT-2025-39568

Name of the Vulnerable Software and Affected Versions WooEvents versions through 4.1.7 Description An authorization issue exists in Ex-Themes WooEvents, allowing exploitation of incorrectly configured access control security levels. Recommendations Update WooEvents to a version later than 4.1.7...

CVSS 5.3, AI score 6.6, EPSS 0.00042
Exploits: 0, References: 3

Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-19877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. CVE-2018-19877 Note that Nessus relies on the presence of the package ...

CVSS 6.1, AI score 6, EPSS 0.12498
Exploits: 5, References: 2

CNNVD
added 2025/08/25 12:0 a.m., 2 views

Apache Cassandra security vulnerability

Apache Cassandra is a distributed NoSQL database from the Apache USA Foundation. A security vulnerability exists in Apache Cassandra versions 3.0.30, 3.11.17, 4.0.16, 4.1.7, and 5.0.2, which stems from an improperly defined privilege that could lead to elevation of privilege...

CVSS 8.8, AI score 6.4, EPSS 0.00076
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-13640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In qBittorrent before 4.1.7, the function Application::runExternalProgram located in app/application.cpp allows command injection via shell metacharacters in th...

CVSS 9.8, AI score 8.3, EPSS 0.20516
Exploits: 1, References: 2

Vulnrichment
added 2025/06/26 12:0 a.m., 6 views

CVE-2024-56915

Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting XSS via the RSS feed widget...

AI score 6.2, EPSS 0.00284
Exploits: 1, References: 3

CNNVD
added 2025/06/24 12:0 a.m., 1 view

Netbox security vulnerability

NetBox is a Django, PostgreSQL based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from NetBox Community. A security vulnerability exists in Netbox Community version 4.1.7, which stems from unfiltered user input in the current value field in Configuration...

CVSS 6.1, AI score 5.9, EPSS 0.00223
Exploits: 1, References: 3

Cvelist
added 2025/06/24 12:0 a.m., 6 views

CVE-2024-56918

In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting XSS, which allows a privileged, authenticated attacker to exfiltrate user input from the login form...

EPSS 0.00279
Exploits: 1, References: 4

CVE
added 2025/06/24 12:0 a.m., 16 views

CVE-2024-56917

CVE-2024-56917 affects NetBox Community 4.1.7. The vulnerability is a cross-site scripting (XSS) flaw in the maintenance banner when NetBox runs in maintenance mode, allowing injected JavaScript to execute in a viewer’s browser. Affected component is the maintenance banner handling; root cause de...

CVSS 7.1, AI score 6.2, EPSS 0.00202
Exploits: 1, References: 3, Affected Software: 1