CVE-2026-4420

Summary: CVE-2026-4420 affects Bludit with a Stored XSS in the “page creating” flow. An authenticated user with page-creation privileges (Author/Editor/Admin) can insert a malicious script into the tags field when creating an article. The payload executes when a victim visits the uploaded resourc...

CVE-2025-70968

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE...

FreeImage 安全漏洞

FreeImage is a cross-platform open source library for supporting popular graphic image formats from the FreeImage open source. A security vulnerability exists in FreeImage version 3.18.0, which stems from post-release reuse of the loadRLE function in PluginTARGA.cpp...

CVE-2025-70968

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE...

CVE-2025-70968

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE...

CVE-2025-14437 Hummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...

CVE-2025-14437

The vulnerability CVE-2025-14437 affects the Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals plugin for WordPress. It enables unauthenticated access to sensitive data via the plugin’s request function, including Cloudflare API credentials, across all versions up to a...

CVE-2025-65803

An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service DoS via supplying a crafted PSD file...

Linux Distros Unpatched Vulnerability : CVE-2020-21426

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in function CIStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other...

SUSE: Security Advisory (SUSE-SU-2025:02818-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-lang3 (SUSE-SU-2025:02818-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02818-1 advisory. - Update to version 3.18.0 - CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead...

OESA-2025-2032 apache-commons-lang security update

The standard Java libraries fail to provide enough methods for manipulation of its core classes. Apache Commons Lang provides these extra methods. Security Fixes: A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x.CWE is classifying the issue as...

OESA-2025-1972 apache-commons-lang security update

The standard Java libraries fail to provide enough methods for manipulation of its core classes. Apache Commons Lang provides these extra methods. Security Fixes: A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x.CWE is classifying the issue as...

OESA-2025-1971 apache-commons-lang security update

The standard Java libraries fail to provide enough methods for manipulation of its core classes. Apache Commons Lang provides these extra methods. Security Fixes: A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x.CWE is classifying the issue as...

OPENSUSE-SU-2025:15347-1 apache-commons-lang3-3.18.0-1.1 on GA media

These are all security issues fixed in the apache-commons-lang3-3.18.0-1.1 package on the GA media of openSUSE Tumbleweed...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values. Remediation Upgrade org.apache.commons:commons-lang3 to version...

AZL-65144 CVE-2025-48924 affecting package apache-commons-lang3 for versions less than 3.8.1-6

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

UBUNTU-CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

SUSE-SU-2025:20457-1 Security update for helm

This update for helm fixes the following issues: Update to version 3.18.3: builddeps: bump golang.org/x/crypto from 0.38.0 to 0.39.0 6838ebc dependabotbot fix: user username password for login 5b9e2f6 Terry Howe Update pkg/registry/transport.go 2782412 Terry Howe Update pkg/registry/transport.go...

CVE-2023-50767

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...