24 matches found
BIT-GDAL-2026-8087 OSGeo gdal GDapi.c GDnentries heap-based overflow
A security flaw has been discovered in OSGeo gdal up to 3.13.0. The affected function is GDnentries in the file frmts/hdf4/hdf-eos/GDapi.c. Manipulating the DataFieldName argument results in a heap-based buffer overflow. The attack must be initiated locally. The exploi...
ROS-20260505-73-0059
Vulnerability in python3.13 related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Important: python3.13
Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...
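The advisory above recommends sanitizing URLs before handing them to webbrowser.open, because a value beginning with "-" can reach the browser as a command-line option. The following is an added example, not code from CPython or from the advisory: a pre-call check that rejects leading dashes and additionally restricts the scheme to http/https and requires a host. The function names and the allowed-scheme set are this example's own choices; the optional opener parameter exists only so the check can be exercised without launching a browser.

```python
"""Guard URLs before passing them to webbrowser.open().

Added example (not part of the advisory or of CPython). The scheme
allow-list is an assumption suited to typical "open a link" use.
"""
import webbrowser
from urllib.parse import urlsplit

# Assumption: callers only ever want to open web links, not file:// or custom schemes.
ALLOWED_SCHEMES = {"http", "https"}


def check_url_for_webbrowser(url: str) -> str:
    """Return url unchanged if it is safe to hand to webbrowser.open(), else raise ValueError."""
    if not isinstance(url, str) or not url.strip():
        raise ValueError("empty URL")
    # The core check from the advisory: a leading '-' (even after whitespace that a
    # shell or browser launcher may trim) would be parsed as a browser option.
    if url.lstrip().startswith("-"):
        raise ValueError("URL starts with '-': would be treated as a browser command-line option")
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"unexpected scheme {parts.scheme!r}")
    if not parts.netloc:
        raise ValueError("URL has no host")
    return url


def is_safe_browser_url(url: str) -> bool:
    """Boolean form of check_url_for_webbrowser(), convenient for filtering."""
    try:
        check_url_for_webbrowser(url)
    except ValueError:
        return False
    return True


def open_checked(url: str, opener=webbrowser.open):
    """Open url only after it passes the check. `opener` is injectable for testing."""
    return opener(check_url_for_webbrowser(url))


if __name__ == "__main__":
    # Constructed inputs: one legitimate link, two option-like strings, two wrong schemes.
    for candidate in ("https://example.com/docs",
                      "--proxy-server=127.0.0.1:8080",
                      "-incognito",
                      "file:///etc/passwd",
                      "javascript:alert(1)"):
        print(f"{candidate!r:40} safe={is_safe_browser_url(candidate)}")
```

Note that this check sits in the calling application; upgrading python3.13 to the fixed package is still required, since the guard only covers call sites you control.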
CVE-2025-65734
An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11 (fixed in v3.13) allows attackers to execute arbitrary code via uploading a crafted SVG file...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000694)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000694 advisory. The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended...
CVE-2025-27725
Time-of-check time-of-use race condition for some ACAT before version 3.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially...
CVE-2025-12921
OpenClinica Community Edition vulnerable to XML injection in CRF Data Import, via /ImportCRFData?action=confirm with manipulated xml_file. Affected versions: up to 3.12.2/3.13. Attacker could exploit remotely; exploit has been disclosed publicly. Remediation is to upgrade to a newer release (vers...
PT-2025-45583
Name of the Vulnerable Software and Affected Versions: OpenClinica Community Edition versions up to 3.12.2/3.13. Description: A flaw exists in OpenClinica Community Edition that allows for XML injection. This issue is related to the processing of the xml_file argument within the...
PT-2025-41812
Name of the Vulnerable Software and Affected Versions text-generation-webui versions through 3.13 Description text-generation-webui is a web interface for running Large Language Models. A Local File Inclusion issue exists in the character picture upload feature. An attacker can upload a text file...
CVE-2024-3034
The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the...
WordPress BackUpWordPress plugin <= 3.13 - Authenticated (Admin+) Directory Traversal vulnerability
Authenticated Admin+ Directory Traversal vulnerability discovered by dk0pf - Plumeria Lab in WordPress Plugin BackUpWordPress versions <= 3.13...
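The two BackUpWordPress entries above describe a directory-browse parameter that is not confined to the backup directory. As an added example (not the plugin's code, and Python rather than PHP so it can be run stand-alone), here is the containment check such a browse feature needs: resolve the requested path against the base directory, follow symlinks, and refuse anything that ends up outside the base. The base directory and the requested paths are constructed for illustration.

```python
"""Confine a user-supplied relative path to a base directory.

Added example, not from the BackUpWordPress plugin. The hypothetical base
directory "/srv/backups" is an assumption; it does not need to exist for the
check to work, because realpath() normalises nonexistent paths too.
"""
import os


def resolve_inside(base_dir: str, requested: str) -> str:
    """Return the absolute path of `requested` inside `base_dir`, or raise ValueError.

    Resolves '..' segments and symlinks before comparing, so neither
    '../../etc/passwd' nor a symlink planted inside base_dir can escape.
    """
    if "\x00" in requested:
        raise ValueError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # os.path.join() discards `base` when `requested` is absolute, so strip leading separators
    # and treat every request as relative to the base.
    rel = requested.lstrip("/\\")
    candidate = os.path.realpath(os.path.join(base, rel))
    # commonpath() compares whole path components, so "/srv/backups2" is not a prefix match.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes {base}: {requested!r}")
    return candidate


def is_inside(base_dir: str, requested: str) -> bool:
    """Boolean form of resolve_inside()."""
    try:
        resolve_inside(base_dir, requested)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    base = "/srv/backups"  # hypothetical backup directory
    for req in ("2024/site.zip", "../../etc/passwd", "/etc/passwd", "2024/../../..//etc/shadow"):
        print(f"{req!r:32} allowed={is_inside(base, req)}")
```

The check belongs before any listing or file read, and the listing itself should then use the returned resolved path rather than the raw parameter.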
PT-2024-22531 · WordPress · Media Library Assistant
Name of the Vulnerable Software and Affected Versions: Media Library Assistant plugin for WordPress versions up to, and including, 3.13 Description: The issue arises from insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query in the...
WordPress Media Library Assistant Plugin <= 3.13 is vulnerable to SQL Injection
Software: Media Library Assistant · Type: Plugin · Vulnerable versions: <= 3.13 · Fixed in: 3.14 · OWASP Top 10: A1: Injection · Classification: SQL Injection · CVE: CVE-2024-2871 · Patch priority: Low · CVSS severity: Low 8.5 · PSID: 35f3b6344141 · Credits: stealthcopter · Required privilege: Contributor...
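The Media Library Assistant entries above attribute the SQL injection to insufficient escaping of a user-supplied parameter and a lack of preparation on the existing query. The following added example (not the plugin's code, and using Python's sqlite3 rather than WordPress's $wpdb so it runs offline) shows the same defect and its fix side by side: a search term interpolated into a LIKE clause versus the same query with a bound parameter and LIKE wildcards escaped. The table, rows and injection string are constructed for illustration.

```python
"""String-built vs parameterised LIKE query, with an injection that only the first one honours.

Added example; the schema and data are constructed, not from the plugin.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory table with one public and one private row (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    conn.executemany(
        "INSERT INTO posts (title, status) VALUES (?, ?)",
        [("Public post", "publish"), ("Secret draft", "private")],
    )
    conn.commit()
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """The defect: the user-supplied term is pasted straight into the SQL text."""
    sql = (
        "SELECT title FROM posts WHERE status = 'publish' "
        f"AND title LIKE '%{term}%' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def escape_like(term: str) -> str:
    """Escape LIKE metacharacters so the term matches literally."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_prepared(conn: sqlite3.Connection, term: str) -> list:
    """The fix: bind the term as a parameter; the SQL text never changes."""
    sql = (
        "SELECT title FROM posts WHERE status = 'publish' "
        "AND title LIKE ? ESCAPE '\\' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql, (f"%{escape_like(term)}%",))]


# Constructed payload: closes the quoted pattern and ORs in the private rows.
INJECTION = "%' OR status = 'private' OR title LIKE '%"


if __name__ == "__main__":
    db = make_db()
    for term in ("Public", INJECTION):
        print(f"term={term!r}")
        print("  vulnerable:", search_vulnerable(db, term))
        print("  prepared:  ", search_prepared(db, term))
```

With the injected term the string-built query's WHERE clause becomes `status = 'publish' AND title LIKE '%%' OR status = 'private' OR title LIKE '%%'`, which is true for every row; the bound version treats the whole string as a literal pattern and matches nothing.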
VulnCheck KEV: CVE-2021-22911
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...
WordPress plugin CopySafe Web Protection cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin for the platform. A cross-site scripting...
PT-2023-33498 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v3.13 through v6.0.18 Description: The issue concerns potential resource leaks in the NFC component. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions v3.13...
Rocket.Chat security vulnerability
Rocket.Chat is an open source team chat software. A security vulnerability exists in Rocket.Chat versions 3.11, 3.12, and 3.13. The vulnerability could lead to unauthenticated NoSQL injection. No details of the vulnerability are provided at this time...
PT-2021-15259 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 3.13; Rocket.Chat version 3.12.2; Rocket.Chat version 3.11.3. Description: An information disclosure issue exists in the Rocket.Chat server that allows email addresses to be disclosed through enumeration and...
CVE-2019-4718
IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123...