
24 matches found

OSV
added 2026/05/15 2:0 p.m. · 2 views

OESA-2026-2303 python-click security update

Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...

CVSS 7.2 · AI score 6.1 · EPSS 0.00029
Exploits: 1 · References: 2

EUVD
added 2026/05/07 3:38 p.m. · 4 views

EUVD-2026-28359

Cross-Site Request Forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

CVSS 9.6 · AI score 5.8 · EPSS 0.00005
Exploits: 0 · References: 2

Debian CVE
added 2026/04/30 1:16 p.m. · 4 views

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVSS 7.2 · AI score 5.9 · EPSS 0.00029
Exploits: 1

EUVD
added 2026/04/30 1:16 p.m. · 2 views

EUVD-2026-26375

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVSS 7.2 · AI score 5.5 · EPSS 0.00029
Exploits: 1 · References: 2

The Hacker News
added 2026/01/15 1:56 p.m. · 9 views

ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week's stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before...

CVSS 9.8 · AI score 8.2 · EPSS 0.00453
Exploits: 2

RedhatCVE
added 2025/10/24 2:33 p.m. · 2 views

CVE-2025-49936

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS. This issue affects WoodMart: from n/a through 8.3.2...

CVSS 6.5 · AI score 6.4 · EPSS 0.0003
Exploits: 0 · References: 1

Cvelist
added 2025/10/22 2:32 p.m. · 5 views

CVE-2025-49936 WordPress WoodMart theme < 8.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS. This issue affects WoodMart: from n/a through 8.3.2...

CVSS 6.5 · EPSS 0.0003
Exploits: 0 · References: 1

Vulnrichment
added 2025/10/22 2:32 p.m. · 3 views

CVE-2025-49936 WordPress WoodMart theme < 8.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS. This issue affects WoodMart: from n/a through 8.3.2...

CVSS 6.5 · AI score 6 · EPSS 0.0003
Exploits: 0 · References: 1

Positive Technologies
added 2025/10/22 12:0 a.m. · 3 views

PT-2025-43200

Name of the Vulnerable Software and Affected Versions: xtemos WoodMart versions prior to 8.3.2 Description: The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for the execution of malicious...

CVSS 6.5 · AI score 6.8 · EPSS 0.0003
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 8:23 a.m. · 4 views

CVE-2024-1235

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...

CVSS 6.4 · AI score 5 · EPSS 0.00249
Exploits: 0 · References: 1

OSV
added 2021/09/03 4:15 p.m. · 1 view

PYSEC-2021-317

The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function...

CVSS 7.5 · AI score 6.8 · EPSS 0.00226
Exploits: 1 · References: 4

OSV
added 2019/08/23 2:15 p.m. · 2 views

CVE-2019-8446

The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check...

CVSS 5.3 · AI score 6.2 · EPSS 0.72867
Exploits: 1 · References: 2

Positive Technologies
added 2019/03/16 12:0 a.m. · 1 view

PT-2019-10252 · Pulse Secure · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Secure Pulse Connect Secure versions 8.3RX before 8.3R2 Description: An input validation issue has been found in the login meeting.cgi component. Recommendations: For Pulse Secure Pulse Connect Secure versions 8.3RX before 8.3R2, update...

CVSS 9.8 · AI score 9.5 · EPSS 0.03845
Exploits: 0 · References: 3

OSV
added 2018/10/31 10:29 p.m. · 2 views

CVE-2018-15707

Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things...

CVSS 5.4 · AI score 5.6
Exploits: 0 · References: 2

CNVD
added 2018/10/23 12:0 a.m. · 1 view

Advantech WebAccess stack buffer overflow vulnerability (CNVD-2018-21797)

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. A stack buffer overflow vulnerability exists in Advantech...

CVSS 9 · AI score 9.2 · EPSS 0.12093
Exploits: 1 · References: 1

Positive Technologies
added 2018/09/06 12:0 a.m. · 2 views

PT-2018-17475 · Pulse · Pulse Policy Secure +1

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure (PCS) versions 8.1RX through 8.1R11; Pulse Connect Secure (PCS) versions 8.3RX through 8.3R1; Pulse Policy Secure (PPS) versions 5.2RX through 5.2R8; Pulse Policy Secure (PPS) versions 5.4RX through 5.4R1 Description: A vulnerabilit...

CVSS 9.8 · AI score 9.5 · EPSS 0.03159
Exploits: 0 · References: 4

CNVD
added 2017/12/21 12:0 a.m. · 2 views

Foxit Reader Document Object author Attribute Remote Code Execution Vulnerability

Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A remote code execution vulnerability exists in the author attribute of the Document object in Foxit Reader version 8.3.2.25013, where the program fails to adequately validate the existence of an object before...

CVSS 8.8 · AI score 8.3 · EPSS 0.00367
Exploits: 0 · References: 1

OSV
added 2017/09/01 9:29 p.m. · 4 views

CVE-2017-12423

NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors...

CVSS 7.7 · AI score 5.5 · EPSS 0.00224
Exploits: 0 · References: 1

OSV
added 2017/02/07 5:59 p.m. · 2 views

CVE-2016-4341

NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors...

CVSS 7.5 · AI score 5.5
Exploits: 0 · References: 1

CNVD
added 2016/09/01 12:0 a.m. · 1 view

NetApp OnCommand System Manager Denial of Service Vulnerability

NetApp OnCommand System Manager is a suite of storage management tools from NetApp, USA. The tool supports simplifying, controlling, and automating the setup and ongoing management of NetApp storage systems. A denial of service vulnerability exists in versions of NetApp OnCommand System Manager...

CVSS 6.5 · AI score 6.7 · EPSS 0.00676
Exploits: 0 · References: 1