Critical: Red Hat Security Advisory: Red Hat Developer Hub 1.9.4 release.

Red Hat Developer Hub 1.9.4 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

Leaflet 安全漏洞

Leaflet is a lightweight interactive map development library developed by Volodymyr Agafonkin. Versions of Leaflet 1.9.4 and earlier contain security vulnerabilities; these vulnerabilities stem from the bindPopup method not properly cleaning user input, which may lead to cross-site scripting...

CLEANSTART-2026-OM95908 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-p77j-4mvh-x3m3, ghsa-qxp5-gwg8-xv66, ghsa-r92c-9c7f-3pj8, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.10.7-r1, 1.11.4-r0, 1.11.5-r0, 1.11.5-r1, 1.11.5-r2, 1.9.4-r0

Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-22821

mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4...

CVE-2026-22821

mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4...

CVE-2026-22821 mreporting affected by a SQLI on date change

mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4...

CVE-2026-22821 mreporting affected by a SQLI on date change

mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4...

CVE-2026-22821

CVE-2026-22821 affects the GLPI mreporting plugin (prior to 1.9.4). The vulnerability is an SQL injection triggered by a date change in mreporting, with potential impact to confidentiality (HIGH) and no impact to integrity/availability per the provided metrics. Upgrading to version 1.9.4 fixes th...

CVE-2026-22821

mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4...

CVE-2026-22821 mreporting affected by a SQLI on date change

mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4...

More reporting GLPI plugin SQL注入漏洞

The More Reporting GLPI plugin is an open-source report generation plugin developed by GLPI Project Plugins. Versions of the More Reporting GLPI plugin prior to 1.9.4 contained a SQL injection vulnerability, which stemmed from SQL injection issues when date fields were modified...

CVE-2017-18528

The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues...

GHSA-644F-HRFF-MF96 Duplicate Advisory: Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mv7p-34fv-4874. This link is maintained to preserve external references. Original Description A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of t...

EUVD-2006-4943

Malware in sbrugna...

EUVD-2019-8552

Malware in sbrugna...

EUVD-2025-25151

Malicious code in bioql PyPI...

EUVD-2024-54919

Malicious code in bioql PyPI...

EUVD-2023-1454

Malicious code in bioql PyPI...

EUVD-2025-20093

Malicious code in bioql PyPI...

CVE-2025-58602 WordPress If-So Dynamic Content Personalization Plugin <= 1.9.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through = 1.9.4...