181 matches found
Astra Linux - vulnerability in firefox, thunderbird, rust-regex
Regex is an implementation of regular expressions for the Rust language. The regex crate includes built-in measures to prevent denial-of-service attacks caused by untrusted regexes or untrusted inputs matched by trusted regexes. These measures already provide reasonable defaults to prevent attack...
WordPress Marijuana Age Verify plugin <= 1.5.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Marijuana Age Verify versions <= 1.5.5...
@saltcorn/cli (>=1.5.0 <=1.5.5-beta.0), @saltcorn/mobile-builder (>=1.5.0 <=1.5.5-beta.0) potentially affected by CVE-2026-41478 via @saltcorn/mobile-app (>=1.5.0-beta.0 <=1.5.5)
@saltcorn/mobile-app NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.5-beta.0 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNMOBILEAPP-16110990...
@saltcorn/admin-models (>=1.5.0 <=1.5.5-beta.0), @saltcorn/base-plugin (>=1.5.0 <=1.5.5-beta.0) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.5.0 <=1.5.5-beta.0)
@saltcorn/data NPM version =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.5-beta.0 Source cves: unknown CVE Source advisory: OSV:GHSA-59XV-588H-2VMM...
PT-2026-32005
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content...
EUVD-2026-20427
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.5.5...
CVE-2026-39715 WordPress AnyTrack Affiliate Link Manager plugin <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.5.5...
CVE-2026-39715
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.5.5...
PT-2026-31277
Name of the Vulnerable Software and Affected Versions: AnyTrack Affiliate Link Manager versions through 1.5.5. Description: A missing authorization issue exists in AnyTrack Affiliate Link Manager, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update...
WordPress plugin AnyTrack Affiliate Link Manager security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Security Bulletin: IBM Rhapsody Systems Engineering is using langchain-0.3.30 which is vulnerable to CVE-2025-68665
Summary: A security vulnerability was identified in the Langchain OSS package used in our product. The issue has been resolved by removing the vulnerable package and all LangChain-related dependencies from the codebase. Vulnerability Details: CVEID: CVE-2025-68665. DESCRIPTION: LangChain is a framewo...
CVE-2026-32346
Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Agency: from n/a through <= 1.5.5...
CVE-2026-32346 WordPress Travel Agency theme <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Agency: from n/a through <= 1.5.5...
PT-2026-25193
Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Agency: from n/a through <= 1.5.5...
EUVD-2026-4761
An issue from the component luaG_runerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs...
CVE-2025-67614
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in foreverpinetree TheNa thena allows Reflected XSS. This issue affects TheNa: from n/a through <= 1.5.5...
CVE-2026-24540
Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through <= 1.5.6...
PT-2026-4387
Name of the Vulnerable Software and Affected Versions: Prince Integrate Google Drive versions through 1.5.5. Description: An authorization issue exists in Prince Integrate Google Drive’s integrate-google-drive component, allowing exploitation of incorrectly configured access control security levels...