EUVD-2026-14984

Astro: Remote allowlist bypass via unanchored matchPathname wildcard...

CVE-2026-33769

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...

CVE-2026-33769 Astro: Remote allowlist bypass via unanchored matchPathname wildcard

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...

CVE-2026-33769 Astro: Remote allowlist bypass via unanchored matchPathname wildcard

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...

Astro 输入验证错误漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro from 2.10.10 to 5.18.1 had a vulnerability related to input validation errors. This vulnerability stemmed from defects in the path matching logic of remotePatterns, which could allow access to paths that...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001746)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001746 advisory. net/netfilter/nftablesapi.c in the Linux kernel through 5.18.1 allows a local user able to create user/net namespaces to escalate privileges to root because an...

CVE-2025-54305

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTEADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or to ::1. Any user wit...

Thermo Fisher Torrent Suite Django application 安全漏洞

Thermo Fisher Torrent Suite Django application is a core software component of Thermo Fisher USA. A security vulnerability exists in Thermo Fisher Torrent Suite Django application version 5.18.1, which stems from improper path cleanup in the file upload feature and could lead to remote code...

CVE-2025-54305

CVE-2025-54305 affects Thermo Fisher Torrent Suite Django application version 5.18.1. The LocalhostAuthMiddleware authenticates users as ionadmin when request.META[REMOTE_ADDR] is 127.0.0.1, 127.0.1.1, or ::1, allowing any user with local server access to bypass authentication. Documented impact ...

Thermo Fisher Torrent Suite Django application 安全漏洞

Thermo Fisher Torrent Suite Django application is a core software component of Thermo Fisher, Inc. A security vulnerability exists in Thermo Fisher Torrent Suite Django application version 5.18.1, which stems from insufficient validation of inputs to the network configuration function and could...

Thermo Fisher Torrent Suite Django application 安全漏洞

Thermo Fisher Torrent Suite Django application is a core software component of Thermo Fisher USA. A security vulnerability exists in Thermo Fisher Torrent Suite Django application version 5.18.1, which originates in the LocalhostAuthMiddleware middleware that performs automated authentication to ...

GHSA-7WJ8-856P-QC9M Stored XSS in REDAXO

Summary Stored XSS in REDAXO 5.18.1 - Article / "content/edit". Details On the latest version of Redaxo, v5.18.1, the article name field is susceptible to stored XSS. Impact A malicious actor can easily steal cookie using this stored XSS and perform a session hijacking attack...

REDAXO 代码注入漏洞

REDAXO is REDAXO open source a content management system . REDAXO 5.18.1 version of the existence of code injection vulnerability , the vulnerability stems from the file / index.php?page=structure&categoryid=1&articleid=1&clang=1&function=editart&artstart=0 of Article Name parameter can lead to...

com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.1.0 <=2.1.0-RC2), io.github.qsy7.java.dependencies:neo4j (=0.3.3) +29 more potentially affected by CVE-2024-34517 via org.neo4j:neo4j-cypher (>=5.10.0 <=5.18.1)

org.neo4j:neo4j-cypher MAVEN version =5.10.0, =2.1.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.1, =5.18.0 and more Source cves: CVE-2024-34517 Source advisory: OSV:GHSA-P343-9QWP-PQXV...

PT-2024-24391 · Aitthemes · Aitthemes Citadela Listing

Name of the Vulnerable Software and Affected Versions: AitThemes Citadela Listing versions through 5.18.1 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not hav...

WordPress Plugin Citadela Listing 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Citadela Listing Version...

CVE-2024-32085

Cross-Site Request Forgery CSRF vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a before 5.20.0...

WordPress Citadela Listing plugin <= 5.18.1 - Unauth. Sensitive Data Exposure vulnerability

Unauth. Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Citadela Listing versions = 5.18.1...

WordPress Citadela Listing Plugin <= 5.18.1 is vulnerable to Sensitive Data Exposure

Software Citadela Listing Type Plugin Vulnerable versions = 5.18.1 Fixed in 5.19.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32086 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID a5c3aebb62b7 Credits Dave Jong Patchstack...

AlmaLinux 8 : kernel (5819) (ALSA-2022:5819)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5819 advisory. - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow a...