42 matches found
Critical: Red Hat Security Advisory: Streams for Apache Kafka 3.2.0 release and security update
Streams for Apache Kafka 3.2.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2026-25917
Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, the severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...
CVE-2026-32493 WordPress JobSearch plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS. This issue affects JobSearch: from n/a through <= 3.2.0...
WordPress plugin New User Approve security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-21121
Name of the Vulnerable Software and Affected Versions: Saad Iqbal New User Approve versions through 3.2.0. Description: An authorization issue exists in the New User Approve functionality, allowing exploitation due to incorrectly configured access control security levels. The affected functionality ...
CVE-2022-32086
creationtimestamp| type| source
---|---|---
2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2025-15380
The CVE-2025-15380 entry concerns the NotificationX WordPress plugin (FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar). Affected versions up to and including 3.2.0 are vulnerable to DOM-Based Cross-Site Scripting via the ...
CVE-2023-50441
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 ANSSI qualification submission or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which...
CVE-2025-15220 SohuTV CacheCloud LoginController.java init cross site scripting
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be...
PT-2025-53908
Name of the Vulnerable Software and Affected Versions: Product Delivery Date for WooCommerce – Lite versions through 3.2.0. Description: The software contains a flaw related to incorrectly configured access control security levels, allowing unauthorized access. The issue is present in Product Delive...
CVE-2025-15204
CVE-2025-15204 affects SohuTV CacheCloud up to version 3.2.0, where the doQuartzList function in QuartzManageController.java is vulnerable to cross-site scripting. The vulnerability can be exploited remotely; exploitation details are publicly disclosed. Connected sources consistently describe the...
PT-2025-53695
Name of the Vulnerable Software and Affected Versions: SohuTV CacheCloud versions up to 3.2.0. Description: A security issue exists in SohuTV CacheCloud. This issue allows for cross site scripting, potentially exploitable from a remote location. The vulnerable component is the doAppAuditList functio...
Use of a Broken or Risky Cryptographic Algorithm
Overview: Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...
CVE-2025-10289
The Filter & Grids plugin for WordPress is vulnerable to SQL Injection via the 'phrase' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-9624 OpenSearch 3.2.0 - Nested Boolean/Disjunction asymmetric DoS
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex querystring inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...
CVE-2025-64322
Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files. This issue affects Agentforce Vibes Extension: before 3.3.0...
EUVD-2025-35169
Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
EUVD-2025-32082
Malicious code in bioql PyPI...
EUVD-2025-32051
Malicious code in bioql PyPI...
CVE-2025-58990
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DevItems ShopLentor woolentor-addons allows Stored XSS. This issue affects ShopLentor: from n/a through = 3.2.0...