53 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-42184

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

CVSS 8.8 | AI score 5.6 | EPSS 0.00041
Exploits: 1 | References: 1

RedHat Linux
added 4 days ago, 7 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.10.3

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.10.3 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.10.3 release that simplify the process of...

CVSS 7.5 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 2

EUVD
added 2026/05/27 2:29 p.m., 8 views

EUVD-2026-32527

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

CVSS 6.1 | AI score 5.8 | EPSS 0.00041
Exploits: 1 | References: 1

Vulnrichment
added 2026/05/27 2:29 p.m., 8 views

CVE-2026-42184 Tauri: Origin Confusion Allows Remote Pages to Invoke Local-Only IPC Commands

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

CVSS 6.1 | AI score 5.8 | EPSS 0.00041
Exploits: 1 | References: 1

OSV
added 2026/03/18 12:00 a.m., 0 views

OPENSUSE-SU-2026:10390-1 tempo-cli-2.10.3-1.1 on GA media

These are all security issues fixed in the tempo-cli-2.10.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:29 a.m., 5 views

CVE-2023-50248

CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the /dataset/new endpoint including either the auth cookie or the Authorization header with a specially-craft...

CVSS 6.5 | AI score 6.7 | EPSS 0.00181
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/31 11:06 a.m., 2 views

CVE-2025-69030

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Backpack Traveler: from n/a through <= 2.10.3...

CVSS 5.4 | AI score 7 | EPSS 0.00049
Exploits: 0 | References: 1

NVD
added 2025/12/30 11:16 a.m., 2 views

CVE-2025-69030

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Backpack Traveler: from n/a through <= 2.10.3...

CVSS 5.4 | EPSS 0.00049
Exploits: 0 | References: 1

CVE
added 2025/12/30 10:47 a.m., 6 views

CVE-2025-69030

CVE-2025-69030 affects Backpack Traveler (Mikado-Themes) WordPress plugin/theme, with an Authorization Bypass Through User-Controlled Key vulnerability reported for Backpack Traveler variants up to 2.10.3. The Initial Description notes an access-control issue enabling bypass via a user-controlled...

CVSS 5.4 | AI score 6.6 | EPSS 0.00049
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/12/30 12:00 a.m., 1 view

WordPress plugin Backpack Traveler security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 5.4 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/30 12:00 a.m., 2 views

PT-2025-53911

Name of the Vulnerable Software and Affected Versions: Mikado-Themes Backpack Traveler versions through 2.10.3. Description: An authorization bypass exists in Mikado-Themes Backpack Traveler due to incorrectly configured access control security levels. This allows exploitation through a...

AI score 6.6 | EPSS 0.00049
Exploits: 0 | References: 3

Patchstack
added 2025/12/17 7:24 a.m., 5 views

WordPress Better Messages plugin <= 2.10.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin BP Better Messages versions <= 2.10.2...

CVSS 6.1 | AI score 5.5 | EPSS 0.00106
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/10/17 5:40 p.m., 2 views

JLSEC-2025-77 An issue was discovered in libxml2 before 2.10.3

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...

CVSS 7.5 | AI score 7.1 | EPSS 0.0023
Exploits: 2 | References: 13

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-51442

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 8.7 | EPSS 0.00267
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-1587

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 8.1 | EPSS 0.00487
Exploits: 1 | References: 4

CVE
added 2025/07/02 2:05 p.m., 15 views

CVE-2025-49588

Linkwarden 2.10.2 is affected by a Local File Inclusion-style vulnerability where unvalidated file:/// links are passed to parsers/playwright, potentially leaking other users’ links and, in some cases, environment secrets. The issue is mitigated by upgrading to version 2.10.3, which has a fix tha...

CVSS 8.7 | AI score 7 | EPSS 0.00385
Exploits: 0 | References: 1

NVD
added 2025/05/07 3:16 p.m., 9 views

CVE-2025-47691

Improper Control of Generation of Code 'Code Injection' vulnerability in Ultimate Member Ultimate Member ultimate-member allows Code Injection. This issue affects Ultimate Member: from n/a through <= 2.10.3...

CVSS 5.5 | EPSS 0.00212
Exploits: 0 | References: 1

CNNVD
added 2025/05/07 12:00 a.m., 1 view

WordPress plugin Ultimate Member code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...

CVSS 5.5 | AI score 6.6 | EPSS 0.00212
Exploits: 0 | References: 1

CNNVD
added 2025/01/31 12:00 a.m., 0 views

WordPress plugin Tabulate security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.1 | AI score 7.6 | EPSS 0.00267
Exploits: 1 | References: 1

OSV
added 2024/11/15 9:32 a.m., 7 views

GHSA-46C3-5XC5-WWHV Apache Airflow: Sensitive configuration values are not masked in the logs by default

Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially...

CVSS 7.5 | AI score 7.5 | EPSS 0.01059
Exploits: 0 | References: 6