app.valuationcontrol:library (>=0.5.2 <=0.5.5), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +981 more potentially affected by CVE-2026-22748 via org.springframework.security:spring-security-oauth2-jose (>=6.0.0 <=6.5.1)

org.springframework.security:spring-security-oauth2-jose MAVEN version =6.0.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.10.0, =1.10.0, =1.10.0, =1.0.0, =1.55.1, =1.55.1, =3.1.0, =3.1.0, =8.4.0, =1.0.0, =17.16.0, =17.39.3 and more Source cves: CVE-2026-22748 Source advisory:...

app.valuationcontrol:library (>=0.5.8 <=0.5.9), at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2) +3034 more potentially affected by CVE-2026-22751 via org.springframework.security:spring-security-core (>=6.4.0 <=6.5.1)

org.springframework.security:spring-security-core MAVEN version =6.4.0, =0.5.8, =0.0.1, =55.v51410e712e0c, =1.5.4.RELEASE, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.17 and more Source cves: CVE-2026-22751 Source advisory:...

@kids-reporter/cms-core (>=1.0.17 <=1.0.32), @kids-reporter/draft-editor (>=1.0.19 <=1.0.32) potentially affected by CVE-2025-46720 +1 more via @keystone-6/core (=6.5.1)

@keystone-6/core NPM version =6.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on @keystone-6/core and may be impacted: - @kids-reporter/cms-core =1.0.17, =1.0.19, =1.0.32 Source cves: CVE-2025-46720, CVE-2026-33326 Source advisory:...

CVE-2026-27212

Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf function is used to check whether user provided...

CVE-2026-27212 Swiper has a Prototype Pollution Vulnerability

Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf function is used to check whether user provided...

WordPress Converter for Media - Optimize images | Convert WebP & AVIF plugin <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src vulnerability

WordPress Converter for Media - Optimize images | Convert WebP & AVIF plugin = 6.5.1 - Unauthenticated Server-Side Request Forgery via src vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Converter for Media versions = 6.5.1...

CVE-2026-1356

CVE-2026-1356 affects the WordPress plugin “Converter for Media – Optimize images | Convert WebP & AVIF” and its vulnerable scope includes all versions up to and including 6.5.1. The issue is a Server-Side Request Forgery (SSRF) via PassthruLoader::load_image_source, enabling unauthenticated atta...

WordPress plugin Converter for Media 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress WP Affiliate Platform plugin < 6.5.1 - Reflected XSS via Registration Form vulnerability

Reflected XSS via Registration Form vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...

WordPress Shortcoder plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thifx in WordPress Plugin Shortcoder versions = 6.5.1...

PT-2025-51222

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 6.5.1 via the "ConvertController::insertToNewTable" function due to missing validation on a user controlled key. This makes it possible f...

CVE-2025-31954

HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see...

CVE-2025-31954

HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see...

WordPress FileBird Pro plugin <= 6.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin FileBird Pro versions = 6.5.1...

CVE-2025-58133

Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access...

EUVD-2025-34669

Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access...

CVE-2025-58133

Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access...

CVE-2025-58133 Zoom Rooms Clients - Authentication Bypass

Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access...

CVE-2025-58133 Zoom Rooms Clients - Authentication Bypass

Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access...

EUVD-2020-12616

Malware in sbrugna...