OPENSUSE-SU-2026:10899-1 mcphost-0.34.0-7.1 on GA media

These are all security issues fixed in the mcphost-0.34.0-7.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10743-1 tar-1.35-7.1 on GA media

These are all security issues fixed in the tar-1.35-7.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-39618 WordPress NewsExo theme <= 7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through = 7.1...

CVE-2025-13734

IBM Engineering Requirements Management DOORS Next (versions 7.1 and 7.2) contains an access-control flaw (CWE-862) that could allow an authenticated user to view and edit data beyond their authorized permissions. The issue arises from insufficient authorization enforcement and has a CVSS v3.1 ba...

PT-2026-20706

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through = 7.1...

EUVD-2026-3536

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Oracle Analytics Cloud. Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure...

CVE-2021-22193

An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project...

CVE-2023-25463

Cross-Site Request Forgery CSRF vulnerability in Gopi Ramasamy WP tell a friend popup form plugin = 7.1 versions...

CVE-2021-41189

DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a...

CVE-2021-2280

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

WordPress WP JobHunt plugin <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability

Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability discovered by Tonn in WordPress Plugin WP JobHunt versions = 7.1...

WordPress Plugin Optimizer plugin <= 1.3.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Plugin Optimizer versions = 1.3.7...

CVE-2025-54971

The CVE-2025-54971 entry applies to Fortinet FortiADC: versions 6.2 and 7.0–7.2, and 7.4.0. The issue stems from information exposure that allows an admin with read-only privileges to obtain external resources passwords via the product logs, constituting a sensitive data disclosure vulnerability....

Fortinet FortiADC 信息泄露漏洞

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. An information disclosure vulnerability exists in Fortinet FortiADC, which stems from the exposure of sensitive information and could lead to obtaining passwords for external resources. The following versions are affected...

Security Bulletin: IBM Engineering Test Management bundles IBM WebSphere Application Server which could provide weaker than expected security.

Summary IBM WebSphere Application Server shipped with IBM Engineering Test Management could provide weaker than expected security for TLS connections CVE-2025-33142. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

OPENSUSE-SU-2025:15680-1 ongres-scram-3.2-7.1 on GA media

These are all security issues fixed in the ongres-scram-3.2-7.1 package on the GA media of openSUSE Tumbleweed...

EUVD-2025-33895

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion...

EUVD-2025-33894

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...

CVE-2025-2139

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...

CVE-2025-2139 IBM Engineering Requirements Management Doors Next security bypass

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...