JLSEC-2026-558

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

CVE-2026-39712

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through = 5.4.3...

CVE-2026-39692

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a through = 5.4.3...

CVE-2026-39712 WordPress tagDiv Composer plugin <= 5.4.3 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through = 5.4.3...

CVE-2026-39712 WordPress tagDiv Composer plugin <= 5.4.3 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through = 5.4.3...

PT-2026-31254

Name of the Vulnerable Software and Affected Versions tagDiv Composer versions through 5.4.3 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in tagDiv Composer td-composer, allowing Stored XSS. The issue affects the software from n/a...

JupyterHub Has An Open Redirect Vulnerability

Affected Version JupyterHub = 5.4.3 Impact An open redirect vulnerability in JupyterHub =5.4.3 allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrary attacker-controlled site outside JupyterHub instead of a...

@dicebear/collection (>=5.0.6 <=5.4.3), dicebear (>=5.0.6 <=5.4.3) potentially affected by CVE-2026-33311 via @dicebear/initials (>=5.0.6 <=5.4.3)

@dicebear/initials NPM version =5.0.6, =5.0.6, =5.0.6, =5.4.3 Source cves: CVE-2026-33311 Source advisory: OSV:GHSA-MR9R-MWW3-V6GV...

[20260305] - Core - Arbitrary file deletion in com_joomlaupdate

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

[20260304] - Core - XSS vectors in various article title outputs

Lack of output escaping for article titles leads to XSS vectors in various locations...

[20260306] - Core - Improper access check in webservice endpoints

An improper access check allows unauthorized access to webservice endpoints...

argus-notification-msteams (=0.5.1), argus-server (>=1.0.0 <=1.22.1) +97 more potentially affected by CVE-2025-61783 via social-auth-app-django (>=5.0.0 <=5.4.3)

social-auth-app-django PYPI version =5.0.0, =1.0.0, =1.0.0, =4.14.0, =0.4.3, =0.8.7, =0.0.2a17, =1.0.0, =1.0.0, =1.2.0, =4.8.0, =0.0.2, =1.0.0, =1.1.0 and more Source cves: CVE-2025-61783 Source advisory: SNYK:PYTHON-SOCIALAUTHAPPDJANGO-13512562...

EUVD-2024-52146

Malicious code in bioql PyPI...

EUVD-2025-9637

Malicious code in bioql PyPI...

EUVD-2025-8072

Malicious code in bioql PyPI...

CVE-2025-55372

An arbitrary file upload vulnerability in Beakon Application before v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2025-55373

Incorrect access control in Beakon Application before v5.4.3 allows authenticated attackers with low-level privileges to escalate privileges and execute commands with Administrator rights...

CVE-2025-55373

Incorrect access control in Beakon Application before v5.4.3 allows authenticated attackers with low-level privileges to escalate privileges and execute commands with Administrator rights...

CVE-2025-55372

An arbitrary file upload vulnerability in Beakon Application before v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2025-55372

An arbitrary file upload vulnerability in Beakon Application before v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...