50 matches found
GHSA-W37P-236H-PFX3 Compromise of PyTorch Lightning PyPi Package Versions
Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484 We have identified a security incident affecting certain versions of one of our PyPI packages. What happened We have determined that one or more...
CVE-2026-39702
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS. This issue affects Animation Addons for Elementor: from n/a through <= 2.6.1...
EUVD-2026-21690
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
PT-2026-32129
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step node/mcp node/impl/base mcp node.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
CVE-2026-32758 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler http/resource.go. The destination path in resourcePatchHandler is...
PT-2026-21665
Name of the Vulnerable Software and Affected Versions Responsive Lightbox & Gallery WordPress plugin versions prior to 2.6.1 Description The software contains a flaw in its regex replacement rules that allows for an Unauthenticated Stored-XSS attack. This occurs when a malicious link is posted as...
Security Bulletin: NVIDIA NeMo Framework - February 2026
NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.6.1 or later from NVIDIA/NeMo Framework on NVIDIA GitHub or pypi. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilitie...
CVE-2025-32452
Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may...
DEBIAN-CVE-2025-68480
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a...
WordPress Groundhogg plugin <= 4.2.6.1 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by NAKLEH ZEIDAN in WordPress Plugin Groundhogg versions <= 4.2.6.1...
CVE-2025-62984
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS. This issue affects WP AdCenter: from n/a through <= 2.6.1...
JLSEC-2025-61 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external ...
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XML_ExternalEntityParserCreate...
WordPress WP-Player plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin WP-Player versions <= 2.6.1...
WordPress Payflex Payment Gateway plugin <= 2.6.1 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Payflex Payment Gateway versions <= 2.6.1...
WordPress plugin Custom Field Template security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PrusaSlicer security vulnerability
PrusaSlicer is a 3D printing data processing software. A security vulnerability exists in PrusaSlicer 2.6.1 and earlier versions, which stems from an arbitrary code execution vulnerability in the g-code export function...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop newsletterpop versions prior to 2.6.1, which stems from a...
SUSE CVE-2021-41222
TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault if an attacker supplies negative arguments. This occurs whenever size_splits contains more than one value and at least one value is negative. The fix will be include...
Denial of Service (DoS)
Overview muhammara is a Create, read and modify PDF files and streams. A drop in replacement for hummusjs PDF library Affected versions of this package are vulnerable to Denial of Service DoS when supplied with a maliciously crafted PDF file to be parsed. PoC js var pdfReader =...