13 matches found

SUSE CVE
added yesterday | 8 views

SUSE CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting (XSS) in the statically generated HTML files if the redirect location comes from an...

CVSS 5.4 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 3

Github Security Blog
added 2026/02/06 10:34 p.m. | 7 views

Keylime Missing Authentication for Critical Function and Improper Authentication

Impact: The Keylime registrar does not enforce mutual TLS (mTLS) client certificate authentication since version 7.12.0. The registrar's TLS context is configured with ssl.CERT_OPTIONAL instead of ssl.CERT_REQUIRED, allowing any client to connect to protected API endpoints without presenting a valid...

CVSS 9.8 | AI score 5.5 | EPSS 0.00026
Exploits: 0 | References: 5 | Affected Software: 1

Snyk
added 2026/02/06 10:34 p.m. | 3 views

Missing Authentication for Critical Function

Overview: keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the registrar's TLS context being configured with ssl.CERT_OPTIONAL instead of requiring clien...

CVSS 9.8 | AI score 5.6 | EPSS 0.00026
Exploits: 0 | References: 2

WPVulnDB
added 2025/12/19 12:0 a.m. | 6 views

Avada <= 7.13.2 - Missing Authorization

Description: The Avada theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 7.13.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...

CVSS 8.8 | AI score 5 | EPSS 0.00038
Exploits: 0 | References: 1

Cvelist
added 2025/12/16 8:12 a.m. | 23 views

CVE-2025-64634 WordPress Avada theme <= 7.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avada: from n/a through <= 7.13.2...

CVSS 5.3 | EPSS 0.00038
Exploits: 0 | References: 1

CNNVD
added 2025/12/16 12:0 a.m. | 1 views

WordPress plugin Avada security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 5.3 | AI score 6.4 | EPSS 0.00038
Exploits: 0 | References: 1

Tenable Nessus
added 2023/03/14 12:0 a.m. | 17 views

Atlassian Jira 7.6.0 < 7.6.11 XSS in the Labels Widget Gadget

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.6.x prior to 7.6.11 or 7.7.x prior to 7.13.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross...

CVSS 5.4 | AI score 5.9 | EPSS 0.0018
Exploits: 0 | References: 2

Tenable Nessus
added 2023/03/14 12:0 a.m. | 8 views

Atlassian Jira 7.7.0 < 7.13.1 XSS in the Labels Widget Gadget

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.6.x prior to 7.6.11 or 7.7.x prior to 7.13.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross...

CVSS 5.4 | AI score 5.9 | EPSS 0.0018
Exploits: 0 | References: 2

Atlassian
added 2022/07/04 12:4 a.m. | 35 views

UPM: upgrade Underscore.js to 1.13.1 or higher

Issue Summary: UPM is currently using underscore.js 1.4.4. However, it is being affected due to CVE-2021-23358. The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variabl...

CVSS 7.2 | AI score 2 | EPSS 0.01452
Exploits: 2

Atlassian
added 2021/10/21 11:57 a.m. | 154 views

CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher

Issue Summary: Confluence is currently using underscore.js 1.10.2. However, it is being affected due to CVE-2021-23358. The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a...

CVSS 7.2 | AI score 2.1 | EPSS 0.01452
Exploits: 2

CNVD
added 2019/08/13 12:0 a.m. | 1 views

Atlassian Jira Cross-Site Scripting Vulnerability (CNVD-2019-27253)

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A cross-site scripting vulnerability exists in the activity stream gadget in Atlassian Jira versions prior to 7.13.1. The...

CVSS 5.4 | AI score 6.5 | EPSS 0.00175
Exploits: 1 | References: 1

OSV
added 2019/05/03 8:29 p.m. | 0 views

CVE-2018-20824

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter...

CVSS 6.1 | AI score 5.4
Exploits: 0 | References: 1

OpenVAS
added 2008/09/24 12:0 a.m. | 12 views

Gentoo Security Advisory GLSA 200503-20 (curl)

The remote host is missing updates announced in advisory GLSA 200503-20. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.8 | EPSS 0.02576
Exploits: 0 | References: 2