PT-2026-42777

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

Security Bulletin: IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability (WS-2026-0003)

Summary IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength...

CVE-2026-40719

Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved...

CVE-2026-25833

Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509inetptonipv6 function...

K000160557: OpenSSL vulnerability CVE-2025-69418

Security Advisory Description Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes...

PT-2026-28712

Name of the Vulnerable Software and Affected Versions wandb OpenUI versions up to 1.0/3.5-turb Description A flaw exists in wandb OpenUI that allows information disclosure through error messages. The issue is located in the generic exception handler function within the backend/openui/server.py...

CVE-2026-22731

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...

Security Bulletin: IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec (CVE-2025-67735)

Summary IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec CVE-2025-67735. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...

Security Bulletin: IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika (CVE-2025-66516)

Summary IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and...

CVE-2025-15468

Issue summary: If an application using the SSLCIPHERfind function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Servic...

CVE-2020-36957

PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges...

CVE-2026-24600

CVE-2026-24600 : Affects the WordPress plugin Penci Review by PenciDesign. Description and connected sources confirm a Stored Cross-Site Scripting (XSS) flaw in the plugin’s web page generation. Impact details in the sources indicate stored XSS could be triggered by improper neutralization of inp...

CVE-2026-24600 WordPress Penci Review plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through = 3.5...

WordPress plugin Penci: Security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Astra Linux - уязвимость в openssl

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

CVE-1999-0409

Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access...

CVE-2024-2578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPCoder WP Coder allows Stored XSS.This issue affects WP Coder: from n/a through 3.5...

WordPress Auto Thickbox plugin <= 3.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Auto Thickbox versions = 3.5...

CVE-2025-66094 WordPress Yada Wiki plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yada Wiki yada-wiki allows Stored XSS.This issue affects Yada Wiki: from n/a through 3.5...

CVE-2025-66094

CVE-2025-66094 is a stored XSS in Yada Wiki (WordPress plugin) that is exploitable by an authenticated user (Contributor+). The Wordfence report lists the vulnerability as authenticated (Contributor+) Stored Cross-Site Scripting in Yada Wiki