65 matches found
Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.8.7 security update
The multicluster engine for Kubernetes 2.8 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.8 images The multicluster engine for Kubernetes provides the foundational components that are...
GHSA-J2Q8-XX3Q-8FQH Apache Storm's Improper Handling of TLS Client Authentication Failure Leads to Anonymous Principal Assignment
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm. Versions Affected: up to 2.8.7. Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication (the default configuration), the...
CVE-2026-41081
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm. Versions Affected: up to 2.8.7. Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication (the default configuration), the...
Apache Storm Authorization Issue Vulnerability
Apache Storm is an open-source distributed real-time computing system developed by the Apache Foundation in the United States using the concurrent programming language Clojure. Versions of Apache Storm 2.8.7 and earlier contained an authorization vulnerability. This vulnerability stemmed from...
WordPress Video gallery and Player plugin <= 2.8.7 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin Video gallery and Player versions <= 2.8.7...
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 aka CNVD-2020-26585, which carries a CVSS score of 9.4 out of 10.0. It relates to a...
CVE-2020-37054
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without...
Naviwebs Navigate CMS Cross-Site Request Forgery Vulnerability
Naviwebs Navigate CMS is an open-source content management system developed by Naviwebs Inc. In version 2.8.7 of Naviwebs Navigate CMS, there is a cross-site request forgery vulnerability. This vulnerability stems from the extension upload feature, which allows for cross-site request forgery,...
PT-2026-5490
Name of the Vulnerable Software and Affected Versions Navigate CMS version 2.8.7 Description Navigate CMS 2.8.7 contains an authenticated SQL injection issue that allows attackers to obtain database information by manipulating the sidx parameter within comments. Attackers can exploit this to...
Naviwebs Navigate CMS SQL Injection Vulnerability
Naviwebs Navigate CMS is an open-source content management system developed by Naviwebs Inc. In version 2.8.7 of Naviwebs Navigate CMS, there is a SQL injection vulnerability. This vulnerability stems from the sidx parameter in the comments, which allows for SQL injections, potentially leadin...
Gin-vue-admin Code Issue Vulnerability
Gin-Vue-Admin is an open-source full-stack basic development platform by flipped-aurora, based on Vue and Gin. Gin-vue-admin v2.8.7 and earlier versions contain a code issue vulnerability. The vulnerability stems from the existence of path traversal in the upload function of...
CVE-2025-63034
Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page View Count: from n/a through <= 2.9.0...
EUVD-2025-201988
Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page View Count: from n/a through <= 2.8.7...
CVE-2025-63034 WordPress Page View Count plugin <= 2.9.0 - Settings Change vulnerability
Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page View Count: from n/a through <= 2.9.0...
CVE-2025-11745
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-11745 Ad Inserter <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
WordPress plugin Ad Inserter – Ad Manager & AdSense Ads Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2025-36010
Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MSN Partner Hub: from n/a through <= 2.8.7...
CVE-2025-62931
Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MSN Partner Hub: from n/a through <= 2.9...
CVE-2025-62931 WordPress MSN Partner Hub plugin <= 2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MSN Partner Hub: from n/a through <= 2.9...