344 matches found
Astra Linux – Vulnerability in JQuery
In jQuery, starting from version 1.12.0 and before 3.5.0, passing HTML from untrusted sources—even after sanitizing it—to one of jQuery’s DOM manipulation methods e.g., .html, .append, etc. may execute untrusted code. This issue has been fixed in jQuery 3.5.0...
VMware Spring Boot 信任管理问题漏洞
VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities related to trust management in versions of VMware Spring Boot 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, and 3.4.0 to 3.4.16. These vulnerabilities stem from the automatic email...
CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh
claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...
NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh vulnerability discovered by ? in WordPress Npm claude-code-cache-fix versions = 3.5.0, 3.5.2...
claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...
CVE-2026-39884
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...
CVE-2026-39884
The CVE-2026-39884 entry concerns mcp-server-kubernetes (Model Context Protocol server for Kubernetes) with a vulnerability in the port_forward tool (src/tools/port_forward.ts). The code builds a kubectl command by string concatenation using user-controlled input and naively splits on spaces befo...
CVE-2026-39884 MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...
CVE-2026-39884 MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...
RGui 代码问题漏洞
RGui is a web interface system for cloud platform management and resource visualization operations by The R Foundation. Version RGui 3.5.0 has a code vulnerability; this vulnerability stems from a local buffer overflow in the GUI preferences dialog box, which may allow arbitrary code to be execut...
Guardian 安全漏洞
Guardian is a policy-based digital asset management and verification platform developed by Hedera. Versions of Guardian 3.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from unshaded JavaScript execution within custom logic policy blocks in the worker threads, which...
DEBIAN-CVE-2026-34873
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
CLEANSTART-2026-UB49656 Security fixes for CVE-2026-24051, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.5.0-r0, 3.5.0-r1
Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-34873
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
CVE-2026-29075 Mesa: Checking out of untrusted code in `benchmarks.yml` workflow may lead to code execution in privileged runner
Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commi...
TÜBİTAK BİLGEM Liderahenk 访问控制错误漏洞
TÜBİTAK BİLGEM Liderahenk is a central management system of the Turkish company TÜBİTAK BİLGEM. Versions 3.3.1 and earlier, including 3.5.0, had access control vulnerabilities due to the lack of authentication for key functions, which could lead to remote code execution...
PT-2026-20269
Name of the Vulnerable Software and Affected Versions Liderahenk versions 3.0.0 through 3.3.1 Description A missing authentication check for a critical function in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows for Remote Code Inclusion. The issue impacts the software’s...
CVE-2025-15521 Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...
CVE-2025-15521
The CVE-2025-15521 entry describes an unauthenticated privilege-escalation in the Academy LMS – WordPress LMS Plugin for Complete eLearning Solution, affecting versions up to 3.5.0. The root cause is improper identity validation during password updates: the reset handler accepts a publicly expose...
EUVD-2026-3698
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...