35 matches found
CVE-2025-64152
CVE-2025-64152 describes a Path Traversal vulnerability in Apache IoTDB. Affected versions are IoTDB 1.0.0 up to but not including 1.3.6, and 2.0.0 up to but not including 2.0.7. The issue arises from improper limitation of a pathname to a restricted directory. Remediation recommended by the sour...
CVE-2026-9844
The vulnerability CVE-2026-9844 affects Roche Diagnostics navify Digital Pathology, specifically the RabbitMQ Management interface modules, where default credentials are used. Affected versions are navify Digital Pathology 2.0.0 up to (but not including) 2.4.1. The problem is the use of default u...
CVE-2026-10284 DevaslanPHP project-management Livewire ViewTicket.php doDeleteComment improper authorization
A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...
PT-2026-42426
Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description An unbounded memory reallocation in the charset conversion code allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...
ace-step (=0.1.0), admetica (>=1.3.0 <=1.4.1) +214 more potentially affected by CVE-2026-31221 via pytorch-lightning (>=2.0.0 <=2.6.0)
pytorch-lightning PYPI version =2.0.0, =1.3.0, =0.8.1, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =0.9.2, =0.1.16, =1.0.1rc1 - anytext-z =0.1.1 - arcagent =0.0.1 - arccmd =0.2.0 and more Source cves: CVE-2026-31221 Source advisory: SNYK:PYTHON-PYTORCHLIGHTNING-16643334...
org.apache.storm:storm-webapp-bin (>=2.0.0 <=2.8.5) potentially affected by CVE-2026-35565 via org.apache.storm:storm-webapp (>=2.0.0 <=2.8.5)
org.apache.storm:storm-webapp MAVEN version =2.0.0, =2.0.0, =2.8.5 Source cves: CVE-2026-35565 Source advisory: SNYK:JAVA-ORGAPACHESTORM-16321660...
CVE-2026-35401 Saleor has a resource exhaustion vulnerability in GraphQL queries
Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...
CVE-2026-33129
H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...
EUVD-2026-10310
Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...
CVE-2026-24713
Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...
PT-2026-4407
Name of the Vulnerable Software and Affected Versions bPlugins B Accordion versions through 2.0.0 Description A flaw exists in bPlugins B Accordion b-accordion that allows the retrieval of embedded sensitive data due to insertion of sensitive information into sent data. Recommendations Update to ...
PT-2026-4438
Name of the Vulnerable Software and Affected Versions themebeez Simple GDPR Cookie Compliance versions through 2.0.0 Description An issue exists in themebeez Simple GDPR Cookie Compliance where incorrectly configured access control security levels can be exploited, leading to a missing...
net.codinux.invoicing:e-invoice (>=0.5.0 <=0.5.2), net.codinux.invoicing:e-invoice-domain-android (>=0.6.0 <=0.8.0) +2 more potentially affected by CVE-2025-66372 via org.mustangproject:library (>=2.0.0 <=2.16.2)
org.mustangproject:library MAVEN version =2.0.0, =0.5.0, =0.6.0, =0.6.0, =2.0.0, =2.16.2 Source cves: CVE-2025-66372 Source advisory: OSV:GHSA-X832-FPVJ-R5PH...
abdelrahman-obfuscate (>=1.0.0 <=1.0.1), abdo (=2.0.0) +252 more potentially affected by CVE-2025-61765 via python-socketio (>=2.0.0 <=5.13.0)
python-socketio PYPI version =2.0.0, =1.0.0, =2.0.0, =2.1.0, =0.1.1, =0.1.2, =0.1.1, =1.0.0, =0.0.2, =4.0.4, =0.1.1, =4.1.0, =0.16.0, =0.20.2 and more Source cves: CVE-2025-61765 Source advisory: SNYK:PYTHON-PYTHONSOCKETIO-13450297...
CVE-2025-58359
Summary: The frost-core (ZF FROST) vulnerability CVE-2025-58359 affects frost-core versions 2.0.0–2.1.0. The issue arises because the refresh shares mechanism in frost_core::keys::refresh did not clearly communicate that changing min_signers would not reduce the threshold, and after refreshing wi...
ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +326 more potentially affected by CVE-2025-54988 via org.apache.tika:tika-parser-pdf-module (>=2.0.0-ALPHA <=3.2.1)
org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0-ALPHA, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more Source cves: CVE-2025-54988 Source advisory: OSV:GHSA-P72G-PV48-7W9X...
CVE-2021-33192
A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...
CVE-2025-47705
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting XSS.This issue affects IFrame Remove Filter: from 2.0.0 before 2.0.5, from 7.X-1.0 through 7.X-1.5, from 1.0 through 1.2...
UBUNTU-CVE-2025-46336
Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...
@24hr/content-next (>=1.0.0 <=3.0.17), @akemona-org/strapi (>=3.10.1 <=3.17.2) +775 more potentially affected by CVE-2025-25200 via koa (>=2.0.0 <=2.15.3)
koa NPM version =2.0.0, =1.0.0, =3.10.1, =3.7.0, =4.25.19-patch.1, =0.0.1, =0.3.1, =0.0.1, =0.0.50, =0.0.7, =1.0.1, =0.0.0, =0.4.2-alpha.0, =0.15.0 and more Source cves: CVE-2025-25200 Source advisory: OSV:GHSA-593F-38F6-JP5M...