21 matches found
CLEANSTART-2026-VD70282 Security fixes for CVE-2025-11065, CVE-2025-15558, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-p436-gjf2-799p applied in versions: 1.27.1-r0, 1.27.7-r1
Multiple security vulnerabilities affect the istio package. These issues are resolved in later releases. See references for individual vulnerability details...
OPENSUSE-SU-2026:10214-1 mupdf-1.27.1-1.1 on GA media
These are all security issues fixed in the mupdf-1.27.1-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2023-29857
An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link...
CVE-2025-59949
FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via <track src>. Version 1.27.1 patches the issue...
CVE-2025-59949 FreshRSS has Logout CSRF that Leads to DoS via <track src>
FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via <track src>. Version 1.27.1 patches the issue...
PT-2025-52281
FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via <track src>. Version 1.27.1 patches the issue...
CVE-2025-58173
FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...
CVE-2025-58173
FreshRSS (self-hosted RSS aggregator) is affected by a path traversal in the language configuration parameter that existed in versions 1.23.0–1.27.0. An unprivileged user could call install.php and perform administrative actions, including logging in as admin, creating a new admin user, or config...
EUVD-2025-201417
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1...
CVE-2025-65036 XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1...
PT-2025-49257
Name of the Vulnerable Software and Affected Versions: XWiki Remote Macros versions prior to 1.27.1 Description: XWiki Remote Macros includes XWiki rendering macros designed for content migration from Confluence. Versions of the software prior to 1.27.1 execute Velocity code from details pages...
EUVD-2024-47490
Malicious code in bioql PyPI...
MongoDB Security Vulnerabilities
MongoDB is a document-oriented database management system from the American company MongoDB. A security vulnerability exists in the version of libbson prior to MongoDB C Driver 1.27.1, which stems from a buffer overflow vulnerability in bson_string_append that results in memory corruption in adjace...
CVE-2023-22692
Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions...
PT-2023-18637 · Unknown · Jeroen Peters Name Directory Plugin
Name of the Vulnerable Software and Affected Versions: Jeroen Peters Name Directory plugin versions 1.27.1 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
WordPress plugin Name Directory cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
TeslaMate information disclosure vulnerability
TeslaMate is an open source project, a self-hosted data logger for Tesla. A security vulnerability exists in TeslaMate version v1.27.1, which stems from a vulnerability that allows an attacker to obtain sensitive information by directly accessing the teslamate link...
PT-2023-22449 · Teslamate · Teslamate
Name of the Vulnerable Software and Affected Versions: Teslamate version 1.27.1 Description: An issue in Teslamate allows attackers to obtain sensitive information via directly accessing the teslamate link. Recommendations: For Teslamate version 1.27.1, at the moment, there is no information abou...
Design/Logic Flaw
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php...