
15 matches found

Debian CVE
added yesterday · 3 views

CVE-2026-54905

concurrent-ruby is a set of modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used...

2 CVSS · 5.8 AI score
Exploits: 0
NVD
added 2026/04/17 2:16 p.m. · 3 views

CVE-2026-31317

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...

7.5 CVSS · 0.00463 EPSS
Exploits: 0 · References: 3
NVD
added 2026/04/03 11:17 p.m. · 3 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra's default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint: "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9 CVSS · 0.00656 EPSS
Exploits: 1 · References: 3
OSV
added 2026/03/09 9:30 a.m. · 2 views

GHSA-74CF-PGH9-M5Q2 Apache IoTDB has an Insecure Default Configuration Vulnerability

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

9.8 CVSS · 5.8 AI score · 0.00584 EPSS
Exploits: 0 · References: 8
NVD
added 2026/03/09 9:16 a.m. · 4 views

CVE-2026-24713

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

9.8 CVSS · 0.00662 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2026/03/09 8:59 a.m. · 4 views

CVE-2026-24713 Apache IoTDB: JEXL Expression Injection Vulnerability

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

5.8 AI score · 0.00662 EPSS
Exploits: 0 · References: 1
Cvelist
added 2026/03/09 8:57 a.m. · 32 views

CVE-2026-24015 Apache IoTDB: Insecure Default Configuration Vulnerability

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

0.00584 EPSS
Exploits: 0 · References: 1
CVE
added 2026/02/20 8:13 a.m. · 19 views

CVE-2026-26050

CVE-2026-26050 affects the installer for the job log aggregation/analysis software RICOHジョブログ集計ツール prior to version 1.3.7. The issue is in the DLL search path, which may cause insecure loading of Dynamic Link Libraries, enabling arbitrary code execution with administrative privileges. CVSS metrics from JPCERT quantify t...

8.4 CVSS · 5.8 AI score · 0.0016 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/25 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-19205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue ...

7.5 CVSS · 6.2 AI score · 0.05572 EPSS
Exploits: 2 · References: 2
CNNVD
added 2024/06/12 12:0 a.m. · 1 views

WordPress plugin Pearl security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.5 CVSS · 6.6 AI score · 0.00373 EPSS
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 5:33 a.m. · 2 views

SUSE CVE-2013-7042

SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors...

4.6 CVSS · 7.1 AI score · 0.00338 EPSS
Exploits: 0 · References: 3
OSV
added 2022/12/12 6:15 p.m. · 0 views

CVE-2022-3605

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability...

7.8 CVSS · 5.8 AI score · 0.0041 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2022/12/05 12:0 a.m. · 3 views

PT-2022-21343 · WordPress · Wp Csv Exporter

Name of the Vulnerable Software and Affected Versions: WP CSV Exporter WordPress plugin versions prior to 1.3.7
Description: The issue allows high privilege users, such as admins, to perform SQL injection attacks due to improper sanitization and escaping of some parameters before using them in a...

7.2 CVSS · 7.9 AI score · 0.0097 EPSS
Exploits: 2 · References: 7
OSV
added 2020/09/03 5:19 p.m. · 2 views

GHSA-588M-9QG5-35PQ Reverse Tabnabbing in quill

Versions of quill prior to 1.3.7 are vulnerable to Reverse Tabnabbing. The package uses target='blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks. Recommendation: No fix is currently available...

6.5 CVSS · 5.9 AI score
Exploits: 0 · References: 4
VulnCheck KEV
added 2017/10/23 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2017-15919

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...

9.8 CVSS · 7.4 AI score · 0.02482 EPSS
Exploits: 0 · References: 1