Lucene search

64 matches found

Positive Technologies
added 2026/04/15 12:0 a.m. | 1 views

PT-2026-33184

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVSS 2.9 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 2
NVD
added 2026/04/07 7:16 p.m. | 0 views

CVE-2026-39355

Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces...

CVSS 9.9 | EPSS 0.00053
Exploits: 1 | References: 1
Vulnrichment
added 2026/04/07 6:56 p.m. | 1 views

CVE-2026-39355 Genealogy is Missing Authorization in `TeamController::transferOwnership()` Allows Any Authenticated User to Hijack Any Team (Broken Access Control)

Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces...

CVSS 9.9 | AI score 6.1 | EPSS 0.00053
Exploits: 1 | References: 1
CVE
added 2026/04/07 6:56 p.m. | 2 views

CVE-2026-39355

CVE-2026-39355 affects the Genealogy PHP application. Before version 5.9.1, a broken access control in TeamController::transferOwnership() lets any authenticated user transfer ownership of arbitrary non-personal teams to themselves, enabling takeover of team workspaces and access to associated da...

CVSS 9.9 | AI score 6.1 | EPSS 0.00053
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2026/03/05 6:30 a.m. | 2 views

EUVD-2026-9600

Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection. This issue affects Podlove Web Player: from n/a through <= 5.9.1...

AI score 5.9 | EPSS 0.00071
Exploits: 0 | References: 2
Patchstack
added 2026/03/03 12:36 p.m. | 3 views

WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by PPzzAArr in WordPress Plugin Podlove Web Player versions <= 5.9.1...

CVSS 7.5 | AI score 6 | EPSS 0.00071
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2026/01/09 11:7 a.m. | 1 views

CVE-2016-9271

Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature...

CVSS 5.4 | AI score 6.3 | EPSS 0.00287
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/12 3:11 p.m. | 1 views

CVE-2025-67568

Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Basel: from n/a through <= 5.9.1...

CVSS 5.3 | AI score 7 | EPSS 0.00038
Exploits: 0 | References: 1
EUVD
added 2025/12/09 6:30 p.m. | 1 views

EUVD-2025-202078

Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Basel: from n/a through <= 5.9.1...

AI score 6.5 | EPSS 0.00038
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/27 12:0 a.m. | 1 views

PT-2025-43786

Missing Authorization vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Podlove Web Player: from n/a through <= 5.9.1...

CVSS 9.8 | AI score 7 | EPSS 0.00054
Exploits: 0 | References: 2
OSV
added 2025/10/08 5:41 p.m. | 19 views

JLSEC-2025-5 Lack of validation for user-provided fields in GitHub.jl

There is a lack of input validation for user-provided values in certain functions. In the GitHub.repo function, the user can provide any string for the reponame field. These inputs are not validated or safely encoded and are sent directly to the server. Impact: This means a user can add path...

CVSS 8.7 | AI score 6.9 | EPSS 0.00659
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-19117

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.6 | EPSS 0.00659
Exploits: 0 | References: 2
RedhatCVE
added 2025/08/16 11:25 a.m. | 1 views

CVE-2025-28987

Server-Side Request Forgery SSRF vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery. This issue affects PressForward: from n/a through <= 5.9.5...

CVSS 6.4 | AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 1
Cvelist
added 2025/08/14 10:34 a.m. | 7 views

CVE-2025-28987 WordPress PressForward <= 5.9.4 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery. This issue affects PressForward: from n/a through <= 5.9.5...

CVSS 6.4 | EPSS 0.00056
Exploits: 0 | References: 1
CVE
added 2025/08/14 10:34 a.m. | 9 views

CVE-2025-28987

CVE-2025-28987 affects the WordPress plugin PressForward (versions up to 5.9.1 as stated in multiple sources). The vulnerability is a Server-Side Request Forgery (SSRF) issue with a CVSS v3.1 base score of 6.4 (Medium); impact is limited to confidentiality/integrity and no impact on availability ...

CVSS 6.4 | AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 1
CNNVD
added 2025/08/14 12:0 a.m. | 2 views

WordPress plugin PressForward code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

CVSS 6.4 | AI score 6.8 | EPSS 0.00056
Exploits: 0 | References: 1
OSV
added 2025/06/25 4:41 p.m. | 1 views

CVE-2025-52569 GitHub.jl lacks validation for user-provided fields

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation for user-provided values in certain functions. In the GitHub.repo function, the user can provide any string for the reponame field. These inputs are not validate...

CVSS 8.7 | AI score 6.8 | EPSS 0.00659
Exploits: 0 | References: 4
CNNVD
added 2025/06/25 12:0 a.m. | 1 views

Julia GitForge input validation error vulnerability

Julia GitForge is a Julia open source interface for interacting with Git forges. An input validation error vulnerability exists in Julia GitForge versions prior to 5.9.1, which stems from a lack of input validation and could lead to a path traversal attack...

CVSS 8.7 | AI score 6.5 | EPSS 0.00659
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/23 7:44 a.m. | 0 views

CVE-2024-37944

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WP Travel Engine allows Stored XSS. This issue affects WP Travel Engine: from n/a through 5.9.1...

CVSS 6.5 | AI score 6.7 | EPSS 0.0017
Exploits: 0
RedhatCVE
added 2025/05/23 4:41 a.m. | 6 views

CVE-2023-48104

Alinto SOGo before 5.9.1 is vulnerable to HTML Injection...

CVSS 6.1 | AI score 6.6 | EPSS 0.15402
Exploits: 1