
37 matches found

Tenable Nessus
added 2 days ago · 4 views

EulerOS Virtualization 2.12.1 : openssl (EulerOS-SA-2026-2083)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short...

CVSS 7.5 · AI score 5.9 · EPSS 0.01131
Exploits 1 · References 8

Tenable Nessus
added 2026/05/22 12:0 a.m. · 6 views

Unity Linux 20.1060e / 20.1070e Security Update: xerces-j2 (UTSA-2026-016680)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016680 advisory. There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser t...

CVSS 7.1 · AI score 5.8 · EPSS 0.00089
Exploits 0 · References 4

Tenable Nessus
added 2026/03/17 12:0 a.m. · 0 views

EulerOS Virtualization 2.12.1 : aide (EulerOS-SA-2026-1415)

According to the versions of the aide package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability i...

CVSS 6.2 · AI score 5.9 · EPSS 0.00026
Exploits 2 · References 3

Fedora
added 2025/10/30 4:36 a.m. · 3 views

[SECURITY] Fedora 42 Update: LabPlot-2.12.1-11.fc42

LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...

CVSS 9.4 · AI score 7 · EPSS 0.00022
Exploits 0

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-53174

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 7.7 · EPSS 0.00169
Exploits 0 · References 4

Snyk
added 2025/05/30 7:41 p.m. · 2 views

Trust Boundary Violation

Overview: Affected versions of this package are vulnerable to Trust Boundary Violation due to the Browse method using URLs provided through API responses from authenticated GitHub hosts when users execute gh commands. An attacker in control of a malicious GitHub server can execute arbitrary comman...

CVSS 9.8 · AI score 7.5 · EPSS 0.00398
Exploits 0 · References 2

Github Security Blog
added 2025/05/30 3:30 p.m. · 12 views

Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

Summary: A security vulnerability has been identified in go-gh where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. Details: The GitHub CLI and CLI...

CVSS 9.8 · AI score 7.6 · EPSS 0.00398
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2025/01/02 12:0 a.m. · 3 views

WordPress plugin Porto Theme - Functionality security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability i...

CVSS 5.3 · AI score 8.8 · EPSS 0.0021
Exploits 0 · References 1

ATTACKERKB
added 2024/11/01 3:15 p.m. · 2 views

CVE-2024-43143

Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Registrations for the Events Calendar: from n/a through 2.12.1...

CVSS 6.4 · AI score 5.1 · EPSS 0.00107
Exploits 0 · References 2

CNNVD
added 2024/11/01 12:0 a.m. · 2 views

WordPress plugin Registrations for the Events Calendar security vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.4 · AI score 6.3 · EPSS 0.00107
Exploits 0 · References 1

Patchstack
added 2024/08/07 12:0 a.m. · 6 views

WordPress Football Pool Plugin <= 2.11.10 is vulnerable to Cross Site Scripting (XSS)

Software: Football Pool · Type: Plugin · Vulnerable versions: <= 2.11.10 · Fixed in: 2.12.1 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-43130 · Patch priority: Low · CVSS severity: Low (5.9) · Developer: Claim ownership · PSID: 286c38961ee5 · Credits: Ananda Dhakal Patchstack · Required...

CVSS 5.9 · AI score 6.6 · EPSS 0.00176
Exploits 0 · References 2 · Affected Software 1

Github Security Blog
added 2024/07/01 3:32 p.m. · 14 views

jsonic was discovered to contain a prototype pollution via the function empty.

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

CVSS 9.8 · AI score 8.2 · EPSS 0.00478
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2024/06/24 12:0 a.m. · 1 views

Apache JSPWiki cross-site scripting vulnerability

Apache JSPWiki is an open source WikiWiki engine from the Apache Foundation (United States), built on Java, Servlet and JSP. A cross-site scripting vulnerability exists in Apache JSPWiki 2.12.1 and earlier versions, which stems from the application's lack of effective filtering and escapi...

CVSS 6.1 · AI score 6.1 · EPSS 0.50563
Exploits 0 · References 4

CNNVD
added 2024/02/24 12:0 a.m. · 2 views

Apostrophe sanitize-html security vulnerability

Apostrophe sanitize-html is a library from Apostrophe USA. It cleans up user-submitted HTML, keeping whitelisted elements and whitelisted attributes on a per-element basis. A security vulnerability exists in Apostrophe sanitize-html versions prior to 2.12.1. An attacker exploited the vulnerabilit...

CVSS 5.3 · AI score 7.6 · EPSS 0.01807
Exploits 1 · References 9

Gentoo Linux
added 2022/10/31 12:0 a.m. · 99 views

PJSIP: Multiple Vulnerabilities

Background: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Description: Multiple vulnerabilities have been discovered in PJSIP. Please review the CVE identifiers referenced belo...

CVSS 9.8 · AI score 1.9 · EPSS 0.01675
Exploits 2

Positive Technologies
added 2022/05/24 12:0 a.m. · 2 views

PT-2022-4400 · Unknown +4 · Freetype Demo Programs +4

Name of the Vulnerable Software and Affected Versions: FreeType Demo Programs versions 2.12.1 and earlier Description: The issue is related to a heap-based buffer overflow in the ftbench.c file of FreeType Demo Programs. This overflow occurs during font processing and can be exploited to execute...

CVSS 9.8 · AI score 8.8 · EPSS 0.00169
Exploits 2 · References 38

CBLMariner
added 2022/04/09 6:51 a.m. · 16 views

CVE-2021-3583 affecting package ansible for versions less than 2.12.1-1

CVE-2021-3583 affecting package ansible for versions less than 2.12.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.1 · AI score 6.4 · EPSS 0.00276
Exploits 0

CBLMariner
added 2022/04/09 6:51 a.m. · 21 views

CVE-2021-20228 affecting package ansible for versions less than 2.12.1-1

CVE-2021-20228 affecting package ansible for versions less than 2.12.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5 · AI score 7.2 · EPSS 0.00243
Exploits 0

Positive Technologies
added 2022/02/11 12:0 a.m. · 5 views

PT-2022-2569

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 2.12.1 Description: The issue concerns an authentication bypass vulnerability in Apache APISIX, where an attacker can exploit the batch-requests plugin to send requests and bypass the IP restriction of the Admin API. Th...

CVSS 10 · AI score 10 · EPSS 0.94439
Exploits 16 · References 34

Github Security Blog
added 2022/01/27 4:13 p.m. · 68 views

Infinite Loop in Apache Xerces Java

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present withi...

CVSS 7.1 · AI score 3 · EPSS 0.00089
Exploits 0 · References 7 · Affected Software 1