CVE-2026-41178

CVE-2026-41178 affects OpenTelemetry-Go baggage parsing. The issue arises from removal of raw-length rejection in baggage header parsing, causing Parse to fully process very large or invalid baggage headers and log errors, enabling potential DoS via CPU/memory and log amplification. Concrete deta...

EUVD-2026-32745

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

CVE-2026-9015 Equalize Digital Accessibility Checker <= 1.42.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Accessibility Issue Modification via edac_insert_ignore_data AJAX Action

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

WordPress Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin <= 1.42.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Accessibility Issue Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Accessibility Issue Modification vulnerability discovered by w1zard in WordPress Plugin Accessibility Checker by Equalize Digital versions = 1.42.0...

CVE-2025-6589

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: = 1.42.0...

UBUNTU-CVE-2025-6589

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: = 1.42.0...

MediaWiki 安全漏洞

MediaWiki is a free and open-source web-based wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. MediaWiki versions 1.42.0 and later contain security vulnerabilities, which stem...

Fedora 43 : buildah (2025-8f97b687c8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-8f97b687c8 advisory. Rebuild for security fixes in golang. ---- bump to v1.42.0 Tenable has extracted the preceding description block directly from the Fedora security...

CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7

CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7. A patched version of the package is available...

CVE-2025-34158

Plex Media Server PMS 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner and a /api/resources call reveals other servers accessible by that server owner...

Plex Media Server 1.41.7.x - 1.42.0.x Resource Transfer Vulnerability

Plex Media Server is prone to an incorrect resource transfer vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-34158

Plex Media Server PMS 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner and a /api/resources call reveals other servers accessible by that server owner...

WordPress plugin Forminator Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVE-2022-1941 affecting package grpc 1.42.0-11

CVE-2022-1941 affecting package grpc 1.42.0-11. This CVE either no longer is or was never applicable...

CVE-2022-4904 affecting package grpc 1.42.0-11

CVE-2022-4904 affecting package grpc 1.42.0-11. This CVE either no longer is or was never applicable...

Veertu Anka Build 路径遍历漏洞

Veertu Anka Build is a centralized dashboard from Veertu. A path traversal vulnerability exists in Veertu Anka Build version 1.42.0, which stems from the fact that a specially constructed HTTP request can lead to the disclosure of arbitrary files...

PT-2024-29635 · Veertu · Veertu Anka Build

Name of the Vulnerable Software and Affected Versions: Veertu Anka Build version 1.42.0 Description: A directory traversal vulnerability exists in the log files download functionality. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an...

Veertu Anka Build 路径遍历漏洞

Veertu Anka Build is a centralized dashboard from Veertu. A path traversal vulnerability exists in Veertu Anka Build version 1.42.0, which stems from the fact that a specially constructed HTTP request can lead to the disclosure of arbitrary files...

GHSA-WCX3-63MM-H8X6 MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.42.0. XSS can occur through an interface message. Error messages in the $err var are not escaped before being passed to Html::rawElement in the getError function in the Hooks class...

CVE-2024-3371 Insufficient validation of external input in Compass may enable MITM attacks

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0...