CVE-2026-48523

PyJWT vulnerability affecting versions 2.9.0–2.12.1 where verifier-side algorithm allow-list bypass occurs when decoding with a PyJWK/PyJWKClient key. The token header’s alg is checked against the caller-supplied allow-list, but the signature is verified using the algorithm bound to the PyJWK obj...

CVE-2026-48524 PyJWT: PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

BIT-JRE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

BIT-JAVA-2025-27113

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c...

CVE-2026-39856

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...

CVE-2026-27383 WordPress Metro theme <= 2.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Metro metro allows PHP Local File Inclusion.This issue affects Metro: from n/a through = 2.13...

CVE-2026-27382

RadiusTheme Metro metro (≤ 2.13) is reported to be vulnerable to DOM-based XSS in web page generation. The CVE entry describes Cross-Site Scripting in Metro with this version range; patch/mitigation details are not provided in the supplied documents. Some sources list the issue as unpatched.

WordPress plugin Metro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Important: Red Hat Security Advisory: Moderate: Red Hat Advanced Cluster Management for Kubernetes v2.13.5 security update

Red Hat Advanced Cluster Management for Kubernetes 2.13 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.13 images Red Hat Advanced Cluster Management for Kubernetes provides...

PT-2025-52002

Name of the Vulnerable Software and Affected Versions AncoraThemes ShieldGroup versions through 2.13 Description The software contains a flaw related to improper control of filenames used in include/require statements, potentially leading to PHP Local File Inclusion. The issue is present in...

WordPress Image Gallery – Photo Grid & Video Gallery plugin <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification vulnerability

Missing Authorization to Authenticated Author+ Arbitrary Gallery Modification vulnerability discovered by WordFence in WordPress Plugin Modula Image Gallery versions = 2.13.3...

EUVD-2011-1109

Malware in sbrugna...

EUVD-2024-47713

Malicious code in bioql PyPI...

EUVD-2022-41776

Malicious code in bioql PyPI...

WordPress Booklovers Theme <= 2.13 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme Booklovers versions = 2.13...

Linux Distros Unpatched Vulnerability : CVE-2022-39269

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP med...

CVE-2023-33976

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

CVE-2025-23465

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magent Vampire Character Manager vampire-character allows Reflected XSS.This issue affects Vampire Character Manager: from n/a through = 2.13...

CVE-2025-23465 WordPress Vampire Character Manager plugin <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Vampire Character Manager allows Reflected XSS. This issue affects Vampire Character Manager: from n/a through 2.13...

WordPress plugin NotFound Vampire Character Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...