33 matches found
Relative Path Traversal
Overview: org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Relative Path Traversal via t...
CVE-2026-40110
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the allow_origin_pat configuration value. Because re.match only anchors at the start of the string and does not require a...
CVE-2025-61669
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler._redirect_safe, which allows redirects to arbitrary external domains via values such as ///example.com. An...
EUVD-2026-26351
Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...
CVE-2026-41254
Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...
EUVD-2026-9693
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Invetex invetex allows PHP Local File Inclusion. This issue affects Invetex: from n/a through <= 2.18...
WordPress Invetex theme <= 2.18 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Invetex versions <= 2.18...
CVE-2025-65465
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...
CVE-2025-42615 Improper Restriction of Excessive Authentication Attempts vulnerability in CIRCL Vulnerability-Lookup
In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or guessed a valid username and password could submit an arbitrary number of OTP codes without causing the accoun...
CVE-2019-14494 affecting package cppcheck for versions less than 2.18.3-1
CVE-2019-14494 affecting package cppcheck for versions less than 2.18.3-1. An upgraded version of the package is available that resolves this issue...
OPENSUSE-SU-2025:15638-1 ansible-core-2.18-2.18.10-2.1 on GA media
These are all security issues fixed in the ansible-core-2.18-2.18.10-2.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2025-31699
Malicious code in bioql PyPI...
WordPress plugin GutenBee cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
TensorFlow security vulnerability
TensorFlow is a suite of end-to-end open source platforms for machine learning open-sourced by TensorFlow. A security vulnerability exists in TensorFlow version v2.18.0, which stems from a denial of service attack when padding is set to VALID in tf.keras.layers.Conv2D...
CVE-2025-8361 Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093
Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing. This issue affects Config Pages: from 0.0.0 before 2.18.0...
CVE-2025-46226 WordPress MPL-Publisher <= 2.18.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0...
WordPress Crypto plugin <= 2.18 - Authentication Bypass via register vulnerability
Authentication Bypass via register vulnerability discovered by István Márton in WordPress Plugin Crypto versions <= 2.18...
Mattermost Mobile Apps security vulnerability
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps version 2.18.0 and prior versions, which stems from the inability to disable the autocomplete feature at login...
Computer Vision Annotation Tool security vulnerability
Computer Vision Annotation Tool (CVAT) is a cvat.ai open source interactive video and image annotation tool for computer vision. A security vulnerability exists in Computer Vision Annotation Tool (CVAT) versions prior to 2.18.0 that originates from an attacker with a CVAT account having access to any...
PT-2024-38079 · Spina Cms · Spina Cms
Name of the Vulnerable Software and Affected Versions: Spina CMS version 2.18.0. Description: A problematic vulnerability was found in Spina CMS, affecting an unknown functionality of the file /admin/media folders. This leads to cross-site request forgery. The attack can be launched remotely. The...