32 matches found
Alibaba Cloud Linux 3 : 0102: openssh (ALINUX3-SA-2026:0102)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0102 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-35385: In OpenSSH before 10.3, a...
Astra Linux - vulnerability in mariadb-10.3
MariaDB before 10.6.5 has a sqllex.cc integer overflow, leading to an application crash...
CVE-2026-4693
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Path Traversal node-tar Dependency in Jira Software Data Center
This High severity Path Traversal vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.8 and a CVS...
Infinite loop
Overview: Magick.NET-Q16-AnyCPU is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Infinite loop
Overview: Magick.NET-Q16-OpenMP-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
SUSE CVE-2026-25990
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...
CVE-2026-25990
CVE-2026-25990 : Pillow (Python Imaging Library) contains an out-of-bounds write when loading a specially crafted PSD image. Affected versions are 10.3.0 up to before 12.1.1; the issue is fixed in 12.1.1. The provided documents do not specify exploit status or in-the-wild details beyond this fix.
2026-02 .NET 10.0.3 Security Update for x86 Client (KB5077862)
2026-02 .NET 10.0.3 Security Update for x86 Client KB5077862...
CVE-2026-24358
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through <= 10.3.3...
PT-2026-4254
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through <= 10.3.3...
GHSA-V6X2-4Q87-RF82 Apache SkyWalking has a stored XSS vulnerability
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking versions <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue. Version 10.3.0 has not been uploaded to th...
Apache SkyWalking has a stored XSS vulnerability
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking versions <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue. Version 10.3.0 has not been uploaded to th...
CVE-2025-64216 WordPress SmartMag theme <= 10.3.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion. This issue affects SmartMag: from n/a through <= 10.3.0...
WordPress plugin Smart Notification SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability...
Axigen security vulnerability
Axigen is a mail server with groupware and collaboration features from Axigen, Inc. A security vulnerability exists in Axigen versions 10.3.x prior to 10.3.1.27 and 10.3.2.x prior to 10.3.3.1. The vulnerability stems from a vulnerability that could allow an unauthenticated attacker to submit a...
PT-2024-1264 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.3; watchOS versions prior to 10.3; tvOS versions prior to 17.3; iOS versions prior to 17.3; iPadOS versions prior to 17.3. Description: The issue is related to the handling of temporary files, which may allow an a...
Atlassian JIRA Server and JIRA Data Center Security Vulnerabilities
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is the server version of a defect tracking management system. Atlassian JIRA Server is the server version of a defect tracking management system used to track and manage all types o...
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
...
PT-2023-25331
Name of the Vulnerable Software and Affected Versions: Sitecore Experience Manager versions through 10.3; Sitecore Experience Platform versions through 10.3; Sitecore Experience Commerce versions through 10.3. Description: Multiple Sitecore products are affected by a remote code execution issue. This...