
442 matches found

CNNVD
added 2026/04/10 12:00 a.m. | 5 views

WordPress plugin YML for Yandex Market security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 6.5 | AI score 6.1 | EPSS 0.00266
Exploits 0 | References 1
CNNVD
added 2026/04/02 12:00 a.m. | 5 views

Apache Traffic Server security vulnerability

Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server developed by the Apache Foundation in the United States. Apache Traffic Server versions 10.1.1 and earlier, as well as 9.2.12 and earlier, have security vulnerabilities. These vulnerabilities stem from defects in PO...

CVSS 7.5 | AI score 7.4 | EPSS 0.00673
Exploits 0 | References 1
EUVD
added 2026/03/31 3:13 p.m. | 2 views

EUVD-2026-17484

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

CVSS 6.3 | AI score 5.8 | EPSS 0.00196
Exploits 1 | References 3
Positive Technologies
added 2026/03/31 12:00 a.m. | 4 views

PT-2026-29276

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

CVSS 6.3 | AI score 5.8 | EPSS 0.00196
Exploits 1 | References 3
CNNVD
added 2026/03/31 12:00 a.m. | 4 views

ClearanceKit security vulnerability

ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 4.2.14 contained security vulnerabilities. These vulnerabilities were caused by startup defects that led to incomplete loading of access policies, potentially resulting in imprope...

CVSS 6.3 | AI score 5.8 | EPSS 0.00196
Exploits 1 | References 3
OSV
added 2026/03/18 1:37 p.m. | 4 views

OPENSUSE-SU-2026:20391-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: - Mozilla Thunderbird 140.8.1 ESR Add mail.openpgp.loaduntestedgpgmeversion to load untested GPGME version - Mozilla Thunderbird 140.8.0 ESR MFSA 2026-17 boo1258568 CVE-2026-2757 bmo2001637 Incorrect...

CVSS 10 | AI score 7.5 | EPSS 0.00622
Exploits 0 | References 57
CNNVD
added 2026/03/18 12:00 a.m. | 3 views

Jenkins security vulnerability

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.554 and earlier, as well as LTS 2.541.2 and earlier, have security vulnerabilitie...

CVSS 7.5 | AI score 6.1 | EPSS 0.00297
Exploits 0 | References 2
Tenable Nessus
added 2026/03/10 12:00 a.m. | 5 views

EulerOS 2.0 SP13 : libxml2 (EulerOS-SA-2026-1252)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain...

CVSS 5.9 | AI score 5.8 | EPSS 0.00725
Exploits 0 | References 4
CNNVD
added 2026/03/09 12:00 a.m. | 3 views

GNU BinUtils security vulnerability

GNU BinUtils is a set of programming tools for processing binary files in the GNU community in the United States. Versions of GNU Binutils prior to 2.45.1 contained security vulnerabilities, which stemmed from defects in the DWARF parsing logic when dealing with specialized binary files. These...

CVSS 6.2 | AI score 5.8 | EPSS 0.00152
Exploits 1 | References 2
CNNVD
added 2026/02/27 12:00 a.m. | 5 views

Kiteworks code issue vulnerability

Kiteworks is a security private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.2.0 contained code-related vulnerabilities. These vulnerabilities stemmed from defects in the configuration functionality, which could allow the upload o...

CVSS 7.2 | AI score 5.9 | EPSS 0.01607
Exploits 0 | References 2
CNNVD
added 2026/02/27 12:00 a.m. | 4 views

Kiteworks code issue vulnerability

Kiteworks is a security private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.2.0 contained code vulnerabilities. These vulnerabilities stemmed from defects in the configuration functionality, which could allow attacks via DNS...

CVSS 6.5 | AI score 5.9 | EPSS 0.0043
Exploits 0 | References 2
CNNVD
added 2026/02/25 12:00 a.m. | 4 views

tfplan2md security vulnerability

tfplan2md is a Markdown document generation tool developed by Mathias Raacke. Versions of tfplan2md prior to 1.26.1 contained security vulnerabilities; these vulnerabilities stemmed from defects in multiple rendering paths, which could lead to the exposure of sensitive values...

CVSS 8.5 | AI score 5.8 | EPSS 0.00296
Exploits 0 | References 2
CNNVD
added 2026/02/19 12:00 a.m. | 4 views

AutoGPT authorization issue vulnerability

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. However, AutoGPT has authorization-related vulnerabilities. These vulnerabilities stem from defects in the authentication mechanism, which may allow attackers to bypass authentication and...

CVSS 6.9 | AI score 5.8 | EPSS 0.00416
Exploits 0 | References 1
CNNVD
added 2026/02/06 12:00 a.m. | 3 views

BeyondTrust Remote Support and BeyondTrust Privileged Remote Access security vulnerability

BeyondTrust Remote Support and BeyondTrust Privileged Remote Access (BeyondTrust PRA) are both products from the American company BeyondTrust. BeyondTrust Remote Support is a remote desktop access, helpdesk, and collaboration software suitable for Windows, Mac, Linux, iOS (iPad, iPhone), etc...

CVSS 9.9 | AI score 7.5 | EPSS 0.86091
Exploits 11 | References 3
CNNVD
added 2026/01/20 12:00 a.m. | 7 views

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There are security vulnerabilities in Node.js, stemming from defects in buffer allocation logic. These vulnerabilities may lead to uninitialized memory leaks, resulting in the disclosure o...

CVSS 7.1 | AI score 7.2 | EPSS 0.00978
Exploits 0 | References 1
RedhatCVE
added 2026/01/14 6:22 p.m. | 3 views

CVE-2026-21265

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes...

CVSS 6.4 | AI score 6.6 | EPSS 0.00965
Exploits 0 | References 1
UbuntuCve
added 2026/01/13 6:16 p.m. | 3 views

CVE-2026-21265

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes...

CVSS 6.4 | AI score 6.1 | EPSS 0.00965
Exploits 0 | References 2
ATTACKERKB
added 2026/01/13 5:56 p.m. | 2 views

CVE-2026-21265

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes...

CVSS 6.4 | AI score 5.5 | EPSS 0.00965
Exploits 0 | References 2 | Affected Software 20
CVE
added 2026/01/13 5:56 p.m. | 40 views

CVE-2026-21265

CVE-2026-21265 describes a Secure Boot bypass tied to expiration of Microsoft root certificates in the UEFI KEK/DB chain. Affected certificates include KEK CA 2011 (expires 2026-06-24), UEFI CA 2011 (expires 2026-06-27), and Windows Production PCA 2011 (expires 2026-10-19). The vulnerability aris...

CVSS 6.4 | AI score 6.2 | EPSS 0.00965
Exploits 0 | References 1 | Affected Software 13
RedhatCVE
added 2026/01/09 11:20 a.m. | 3 views

CVE-2021-22373

There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability...

CVSS 9.1 | AI score 6.8 | EPSS 0.00677
Exploits 0 | References 1