Important: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.3 release and security update

Red Hat JBoss Web Server 6.2.3 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives ...

RHSA-2026:12194 Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.2 release and security update

Bulletin has no description...

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.107.0) +101 more potentially affected by CVE-2026-34197 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.2)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =2.1.0 - io.mats3:mats-spring-test =B-2.0.0.B0+2025-10-22 and more Source cves: CVE-2026-34197 Source advisory: OSV:GHSA-RXPJ-7QVF-XV32...

CVE-2026-33227

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

Inefficient Algorithmic Complexity

Overview minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the matchOne function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containi...

@antora/cli (>=2.3.2 <=3.0.0-alpha.9), @antora/playbook-builder (>=2.3.2 <=3.0.0-alpha.9) +54 more potentially affected by CVE-2026-33864 via convict (>=6.0.0 <=6.2.2)

convict NPM version =6.0.0, =2.3.2, =2.3.2, =2.3.2, =1.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.7.0 and more Source cves: CVE-2026-33864 Source advisory: SNYK:JS-CONVICT-15182994...

EUVD-2006-4714

Malware in sbrugna...

EUVD-2024-49212

Malicious code in bioql PyPI...

EUVD-2023-2807

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-1318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server ATS 6.0.0 t...

CVE-2025-8451

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’ parameter in all versions up to, and including, 6.2.2 due to insufficient input sanitization and output escaping. Thi...

CVE-2025-8451

CVE-2025-8451 — The WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets (Essential Addons for Elementor Lite) is vulnerable to a DOM-based Stored XSS via the data-gallery-items parameter in all versions up to and including 6.2.2. The issue arises from insuffici...

WordPress plugin Essential Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Essential Addons for Elementor plugin <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 6.2.2...

CVE-2023-28517

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2023-5452

Cross-site Scripting XSS - Stored in GitHub repository snipe/snipe-it prior to v6.2.2...

CVE-2025-32559

Cross-Site Request Forgery CSRF vulnerability in REVE Chat REVE Chat revechat allows Stored XSS.This issue affects REVE Chat: from n/a through = 6.4.4...

CVE-2025-1287

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown, Syntax Highlighter, and Page Scroll widgets in all versions up to, and including, 6.2.2 due to insufficient...

WordPress plugin The Plus Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-8481

The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.4. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for...