@1771technologies/oneplay (>=0.0.1 <=0.0.6), @aklesky/vite-config (>=1.0.0 <=1.0.1) +192 more potentially affected by CVE-2026-39363 via vite (>=6.0.0 <=6.4.1)

vite NPM version =6.0.0, =0.0.1, =1.0.0, =0.2.0, =4.25.19-patch.2, =19.1.0, =19.1.0, =0.55.0, =0.21.2-4.1, =0.4.2, =0.4.11 and more Source cves: CVE-2026-39363 Source advisory: OSV:GHSA-P9FF-H696-F583...

CVE-2026-33727 Pi-hole has a Local Privilege Escalation (post-compromise, pihole -> root).

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct...

CVE-2026-26952 Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an authenticated administrator to inject cod...

CVE-2025-14510

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

CVE-2021-41027

A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device...

WordPress plugin Recras 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

Command Injection

Overview org.jenkins-ci.plugins:git-client is a Jenkins git client plugin. Affected versions of this package are vulnerable to Command Injection due to improper escaping of command arguments when generating temporary credential. An attacker can execute arbitrary operating system commands by...

RHOPHI Analytics LLP Office App-Edit Word 安全漏洞

RHOPHI Analytics LLP Office App-Edit Word is a document editing software from RHOPHI Analytics LLP. A security vulnerability exists in RHOPHI Analytics LLP Office App-Edit Word version 6.4.1, which stems from a lack of security checks during the file import process and could lead to directory...

EUVD-2023-36810

Malicious code in bioql PyPI...

EUVD-2023-36809

Malicious code in bioql PyPI...

EUVD-2021-30017

Malicious code in bioql PyPI...

EUVD-2024-52343

Malicious code in bioql PyPI...

EUVD-2023-36805

Malicious code in bioql PyPI...

EUVD-2024-52344

Malicious code in bioql PyPI...

be.jidoka:jdk-keycloak-admin (=2.5.0), br.com.consultdg:database-module (>=1.0.1 <=1.0.10) +887 more potentially affected by CVE-2025-41248 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.1)

org.springframework.security:spring-security-core MAVEN version =6.4.0, =1.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =0.0.69, =0.0.35, =3.4.0.2 and more Source cves: CVE-2025-41248 Source advisory: OSV:GHSA-8V5Q-RHF3-JPHM...

CVE-2025-46047

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...

Silverpeas Core Username Enumeration Vulnerability

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...

GHSA-CV2M-5PFP-F245 Silverpeas Core Username Enumeration Vulnerability

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...

PT-2025-35568

Name of the Vulnerable Software and Affected Versions: Silverpeas versions 6.4.1 through 6.4.2 Description: A user enumeration issue exists in the /CredentialsServlet/ForgotPassword endpoint. This allows remote attackers to determine valid usernames via the Login parameter. Recommendations:...

Silverpeas 安全漏洞

Silverpeas is a suite of open source business collaboration platforms from Silverpeas Open Source. The platform includes applications for project management, blogs, forums, and document management. A security vulnerability exists in Silverpeas versions 6.4.1 and 6.4.2, which stems from user...