Lucene search

15 matches found

Vulnrichment
added 2026/06/04 4:20 a.m. | 5 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

CVSS 4.9 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 1
Cvelist
added 2026/05/19 11:5 p.m. | 33 views

CVE-2026-34754 MantisBT allows unauthorized users to upload attachments to restricted issues via REST API

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2...

CVSS 4.3 | EPSS 0.00028
Exploits: 0 | References: 3
EUVD
added 2026/03/31 6:31 a.m. | 1 views

EUVD-2026-17325

The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘updatehref’ parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVSS 6.1 | AI score 6 | EPSS 0.00036
Exploits: 0 | References: 5
Github Security Blog
added 2026/03/19 7:4 p.m. | 4 views

league/commonmark has an embed extension allowed_domains bypass

Impact: The DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This enabl...

CVSS 6.3 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 5 | Affected Software: 1
ATTACKERKB
added 2026/03/04 9:24 a.m. | 4 views

CVE-2023-7337

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied...

CVSS 9.8 | AI score 7.2 | EPSS 0.26435
Exploits: 0 | References: 3
Circl
added 2026/02/27 7:1 a.m. | 1 views

CVE-2026-28276

creationtimestamp | type | source
---|---|---
2026-02-27 07:01:36+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mft5bgfs4b2n
2026-02-27 23:20:10+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mfutx7zcfx2w...

CVSS 7.5 | AI score 5.3 | EPSS 0.00152
Exploits: 0 | References: 2
OSV
added 2025/11/05 3:15 p.m. | 1 views

UBUNTU-CVE-2025-46705

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 7.5 | AI score 5.8 | EPSS 0.00056
Exploits: 1 | References: 4
CVE
added 2025/11/05 2:56 p.m. | 13 views

CVE-2025-46705

CVE-2025-46705 affects Entr'ouvert Lasso (notably 2.5.1 and 2.8.2). A malformed SAML assertion/response can trigger denial of service. Connected advisories (Debian, openSUSE/SUSE, Ubuntu) confirm multiple Lasso CVEs (including 46404, 46784, 47151) with fixes in various package versions (e.g., Deb...

CVSS 7.5 | AI score 6.5 | EPSS 0.00056
Exploits: 1 | References: 2 | Affected Software: 1
Talos
added 2025/11/05 12:0 a.m. | 1 views

Entr'ouvert Lasso lasso_node_impl_init_from_xml type confusion vulnerability

Talos Vulnerability Report TALOS-2025-2193: Entr'ouvert Lasso lasso_node_impl_init_from_xml type confusion vulnerability. November 5, 2025. CVE Number: CVE-2025-47151. Summary: A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A special...

CVSS 9.8 | AI score 8 | EPSS 0.00209
Exploits: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-30628

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00042
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 3:50 a.m. | 2 views

CVE-2023-32826

In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544...

CVSS 6.7 | AI score 7.1 | EPSS 0.00012
Exploits: 0 | References: 1
OSV
added 2024/11/05 11:15 a.m. | 1 views

CVE-2024-9178

The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

CVSS 5.4 | AI score 7.4 | EPSS 0.00254
Exploits: 0 | References: 4
vulnersOsv
added 2024/03/26 6:32 p.m. | 2 views

apache-airflow-providers-smtp (>=1.0.0rc1 <=1.8.1rc1) potentially affected by CVE-2024-29735 via apache-airflow (=2.8.2)

apache-airflow PYPI version =2.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow and may be impacted:
- apache-airflow-providers-smtp >=1.0.0rc1, <=1.8.1rc1
Source cves: CVE-2024-29735
Source advisory: OSV:GHSA-CFF3-5QRP-HQX7...

CVSS 5.3 | AI score 6 | EPSS 0.0029
Exploits: 0
CNNVD
added 2024/03/26 12:0 a.m. | 1 views

Apache Airflow Security Vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. A security bypass vulnerability exists in Apache Airflow versions 2.8.2 through 2.8...

CVSS 5.3 | AI score 6.6 | EPSS 0.0029
Exploits: 0 | References: 4
CNNVD
added 2023/10/12 12:0 a.m. | 1 views

WordPress plugin Permalinks Customizer Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A cross-site request forger...

CVSS 8.8 | AI score 6.6 | EPSS 0.0007
Exploits: 0 | References: 2