
44 matches found

CVE
added 2026/05/29 12:11 p.m., 18 views

CVE-2026-9509

CVE-2026-9509 affects Suprema BioStar 2 Server (versions 2.9.8, 2.9.10, 2.9.11). An unhandled exception triggered by unauthenticated HTTP POST requests to the /api/migration endpoint can cause a denial of service, halting critical processes and leaving the system offline until services or the ser...

8.7 CVSS, 5.9 AI score, 0.00137 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/12 12:0 a.m., 6 views

PT-2026-40330

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entr...

9.8 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits: 0, References: 2

Patchstack
added 2026/04/21 2:25 p.m., 1 views

WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO in WordPress Plugin ListingPro versions <= 2.9.10...

5.8 AI score
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/12/19 7:32 a.m., 1 views

CVE-2025-64378

Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.10...

7.1 CVSS, 7 AI score, 0.00038 EPSS
Exploits: 0, References: 1

NVD
added 2025/12/18 8:16 a.m., 1 views

CVE-2025-64376

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS. This issue affects ListingPro: from n/a through 2.9.10...

7.1 CVSS, 0.00029 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/12/18 7:22 a.m., 18 views

CVE-2025-64377 WordPress ListingPro theme < 2.9.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through 2.9.10...

8.1 CVSS, 0.0011 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/12/18 7:22 a.m., 1 views

CVE-2025-64378 WordPress ListingPro theme < 2.9.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.10...

7.1 CVSS, 6.6 AI score, 0.00038 EPSS
Exploits: 0, References: 1

CVE
added 2025/12/18 7:22 a.m., 4 views

CVE-2025-64376

CVE-2025-64376 affects the WordPress ListingPro theme (and ListingPro listings) prior to version 2.9.10. The root cause is improper neutralization of input during web page generation, allowing Reflected XSS. The entry cites a CVSS v3.1 base score of 7.1 (HIGH) with network access, low attack comp...

7.1 CVSS, 6 AI score, 0.00029 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/12/18 12:0 a.m., 1 views

WordPress plugin ListingPro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

8.1 CVSS, 6.5 AI score, 0.0011 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/12/18 12:0 a.m., 1 views

WordPress plugin ListingPro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

7.1 CVSS, 6.5 AI score, 0.00038 EPSS
Exploits: 0, References: 1

OSV
added 2025/10/17 5:40 p.m., 2 views

JLSEC-2025-67 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak...

7.5 CVSS, 7 AI score, 0.00614 EPSS
Exploits: 0, References: 12

EUVD
added 2025/10/09 9:31 p.m., 2 views

EUVD-2025-33561

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

6.5 CVSS, 6.3 AI score, 0.00094 EPSS
Exploits: 1, References: 5

CNNVD
added 2025/10/09 12:0 a.m., 2 views

i-Educar security vulnerability

i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.9.10 and earlier, which stems from improper privilege inheritance in the user type handling component in the file app/Http/Controllers/AccessLevelController.php, which could...

8.8 CVSS, 6.5 AI score, 0.00094 EPSS
Exploits: 1, References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-16670

Malicious code in bioql PyPI...

7.5 CVSS, 8 AI score, 0.0107 EPSS
Exploits: 1, References: 4

Debian
added 2025/09/30 9:55 p.m., 4 views

[SECURITY] [DLA 4319-1] libxml2 security update

Debian LTS Advisory DLA-4319-1 [email protected]
https://www.debian.org/lts/security/ Guilhem Moulin
September 30, 2025 https://wiki.debian.org/LTS
Package : libxml2
Version : 2.9.10+dfsg-6.7+deb11u9
CVE ID : CVE-2025-9714 CVE-2025-7425
Debian Bug : 1109122
Two security issues were foun...

7.8 CVSS, 6.5 AI score, 0.00192 EPSS
Exploits: 1

OSV
added 2025/07/11 12:17 p.m., 1 views

OESA-2025-1750 mod_security security update

Security Fixes: A vulnerability was found in OWASP ModSecurity up to 2.9.9. It has been declared as critical. The manipulation of the argument sanitiseArg/sanitizeArg with an unknown input leads to an unknown weakness. The CWE definition for the vulnerability is CWE-1050. The product has a loop bod...

7.5 CVSS, 6.7 AI score, 0.0107 EPSS
Exploits: 1, References: 3

OSV
added 2025/07/02 3:15 p.m., 1 views

DEBIAN-CVE-2025-52891

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

6.5 CVSS, 7.7 AI score, 0.00235 EPSS
Exploits: 0, References: 1

OSV
added 2025/06/27 1:16 p.m., 2 views

OESA-2025-1676 mod_security security update

Security Fixes: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action...

7.5 CVSS, 6.8 AI score, 0.0107 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2025/06/12 12:0 a.m., 3 views

Amazon Linux 2 : mod_security (ALAS-2025-2887)

The version of modsecurity installed on the remote host is prior to 2.9.10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2887 advisory. ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions...

7.5 CVSS, 7.7 AI score, 0.0107 EPSS
Exploits: 2, References: 6

OSV
added 2025/06/03 12:0 a.m., 0 views

OPENSUSE-SU-2025:15197-1 apache2-mod_security2-2.9.10-1.1 on GA media

These are all security issues fixed in the apache2-modsecurity2-2.9.10-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 7.1 AI score, 0.0107 EPSS
Exploits: 2, References: 2