177 matches found

Vulnrichment
added 2 days ago | 3 views

CVE-2025-69369 WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0...

8.1 CVSS | 5.8 AI score | 0.00115 EPSS
Exploits: 0 | References: 1

EUVD
added 2 days ago | 4 views

EUVD-2025-210041

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0...

8.1 CVSS | 5.8 AI score | 0.00115 EPSS
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in hdf5

An issue was discovered in HDF5 through version 1.12.0. There is a heap-based buffer over-read in the function H5Olayoutdecode, located in H5Olayout.c. This allows an attacker to cause a Denial of Service attack...

5.5 CVSS | 6.9 AI score | 0.0043 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/30 9:43 p.m. | 0 views

CVE-2026-32794 Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated w/o...

5.9 AI score | 0.00024 EPSS
Exploits: 1 | References: 2

CVE
added 2026/03/30 9:43 p.m. | 10 views

CVE-2026-32794

CVE-2026-32794: Improper Certificate Validation in Apache Airflow Provider for Databricks (affected: Apache Airflow Provider for Databricks 1.10.0 – 1.11.x; fixed in 1.12.0). Root cause: provider code does not validate TLS certificates when connecting to the Databricks back-end, enabling a man-in...

4.8 CVSS | 5.9 AI score | 0.00024 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/03/10 2:12 a.m. | 1 views

CVE-2025-70059

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service...

7.5 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/03/09 6:31 p.m. | 2 views

EUVD-2025-208429

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0...

5.4 CVSS | 5.8 AI score | 0.00053 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/03/09 3:30 p.m. | 1 views

EUVD-2025-208416

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service...

5.8 AI score | 0.00058 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/03/09 3:30 p.m. | 1 views

EUVD-2025-208415

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service...

5.8 AI score | 0.00058 EPSS
Exploits: 0 | References: 4

NVD
added 2026/03/09 3:15 p.m. | 1 views

CVE-2025-70059

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service...

7.5 CVSS | 0.00058 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/03/09 12:0 a.m. | 3 views

Sean1025 YMFE YApi security vulnerability

Sean1025 YMFE YApi is an open-source application developed by Sean1025. It provides a visual interface for management purposes. Version 1.12.0 of Sean1025 YMFE YApi contains security vulnerabilities, which stem from improper input during web page generation...

5.4 CVSS | 5.8 AI score | 0.00053 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/09 12:0 a.m. | 2 views

PT-2026-24071

Name of the Vulnerable Software and Affected Versions: YMFE yapi version 1.12.0. Description: An issue exists related to uncontrolled resource consumption, allowing attackers to cause a denial of service. The issue affects YMFE yapi version 1.12.0. Recommendations: At the moment, there is no...

7.5 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits: 0 | References: 9

Cvelist
added 2026/03/09 12:0 a.m. | 23 views

CVE-2025-70059

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service...

0.00058 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/09 12:0 a.m. | 2 views

PT-2026-24080

Name of the Vulnerable Software and Affected Versions: YMFE yapi version 1.12.0. Description: An issue exists due to improper neutralization of input during web page generation. This allows for potential cross-site scripting (XSS) attacks. The issue is related to CWE-79. Recommendations: At the moment,...

5.4 CVSS | 5.7 AI score | 0.00053 EPSS
Exploits: 0 | References: 8

Cvelist
added 2026/02/23 12:0 a.m. | 16 views

CVE-2025-70058

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

0.00025 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/23 12:0 a.m. | 2 views

PT-2026-21525

Name of the Vulnerable Software and Affected Versions: YMFE yapi version 1.12.0. Description: The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests. This can lead to man-in-the-middle attacks where a malicio...

7.4 CVSS | 5.2 AI score | 0.00025 EPSS
Exploits: 0 | References: 11

CNNVD
added 2026/02/23 12:0 a.m. | 4 views

Sean1025 YMFE YApi security vulnerability

Sean1025 YMFE YApi is an open-source application developed by Sean1025. It provides a visual interface for managing platforms. Version 1.12.0 of Sean1025 YMFE YApi contains a security vulnerability. This vulnerability stems from improper certificate verification, which may lead to the disabling o...

7.4 CVSS | 5.8 AI score | 0.00025 EPSS
Exploits: 0 | References: 3

Snyk
added 2026/02/17 5:15 p.m. | 0 views

Insufficient Session Expiration

Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration that allows several server functions to execute in an SFTP session after the user account has been deleted or its password changed. A user can maintain unexpected access to the server by keeping an SFTP...

7.5 CVSS | 5.6 AI score
Exploits: 0 | References: 3

PyPA
added 2026/02/13 12:16 p.m. | 6 views

PYSEC-2026-26

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 or...

7.3 CVSS | 7.2 AI score | 0.00057 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/02/13 12:0 a.m. | 2 views

Apache Avro Java SDK security vulnerability

The Apache Avro Java SDK is a data processing toolkit developed by the Apache Foundation. Versions of the Apache Avro Java SDK prior to 1.11.4 and 1.12.0 have security vulnerabilities. These vulnerabilities stem from improper control over the generation of specific record schema code from the...

7.3 CVSS | 7.3 AI score | 0.00057 EPSS
Exploits: 0 | References: 4