
14 matches found

ATTACKERKB
added 2026/03/11 3:37 p.m. · 1 views

CVE-2026-28229

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with an Authorization: Bearer nothing...

CVSS 9.8 · AI score 5.8 · EPSS 0.00017
Exploits: 1 · References: 2 · Affected Software: 1

ATTACKERKB
added 2026/02/14 6:42 a.m. · 1 views

CVE-2026-0559

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stmlmscoursesgriddisplay' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escaping o...

CVSS 6.4 · AI score 5.7 · EPSS 0.00043
Exploits: 0 · References: 3

Positive Technologies
added 2026/02/14 12:0 a.m. · 4 views

PT-2026-8063

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm lms courses grid display' shortcode in all versions up to, and including, 3.7.11 due to insufficient input sanitization and output escapi...

CVSS 6.4 · AI score 5.7 · EPSS 0.00043
Exploits: 0 · References: 3

Tenable Nessus
added 2026/01/14 12:0 a.m. · 3 views

MiracleLinux 3 : lftp-3.7.11-4AXS3 (AXSA:2009-390:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-390:01 advisory. LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in...

CVSS 6.8 · AI score 5.8 · EPSS 0.05138
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-28312

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 6.6 · EPSS 0.00224
Exploits: 0 · References: 2

CNNVD
added 2025/06/26 12:0 a.m. · 2 views

Northern.tech Mender Server Security Vulnerability

Northern.tech Mender Server is an IoT server-side software from Northern.tech, USA. A security vulnerability exists in Northern.tech Mender Server versions prior to 3.7.11 and prior to 4.0.1 that stems from improper access control...

CVSS 9.1 · AI score 6.7 · EPSS 0.00224
Exploits: 0 · References: 2

CBLMariner
added 2025/03/03 10:12 p.m. · 6 views

CVE-2024-12133 affecting package gnutls for versions less than 3.7.11-2

CVE-2024-12133 affecting package gnutls for versions less than 3.7.11-2. A patched version of the package is available...

CVSS 5.3 · AI score 5.5 · EPSS 0.00343
Exploits: 0

OSV
added 2024/03/06 11:5 a.m. · 45 views

BIT-PYTHON-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

CVSS 7.5 · AI score 6.7 · EPSS 0.01214
Exploits: 1 · References: 10

OSV
added 2023/12/21 3:15 p.m. · 0 views

CVE-2023-50828

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS. This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through 3.7.11...

CVSS 4.8 · AI score 7.3
Exploits: 0 · References: 1

Positive Technologies
added 2023/12/21 12:0 a.m. · 3 views

PT-2023-31659 · WordPress · The Ultimate Dashboard – Custom WordPress Dashboard

Name of the Vulnerable Software and Affected Versions: Ultimate Dashboard – Custom WordPress Dashboard versions 3.7.11 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an...

CVSS 5.9 · AI score 5.7 · EPSS 0.00116
Exploits: 1 · References: 5

OpenVAS
added 2022/09/01 12:0 a.m. · 24 views

Python < 3.6.14, 3.7.x < 3.7.11, 3.8.x < 3.8.9, 3.9.x < 3.9.3 (bpo-43285) - Mac OS X

Python is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVSS 5.3 · AI score 7.2 · EPSS 0.01057
Exploits: 0 · References: 2

OpenVAS
added 2022/02/14 12:0 a.m. · 23 views

Python urllib.parse Vulnerability (bpo-43882) - Mac OS X

Python is prone to a vulnerability in urllib.parse. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

CVSS 7.5 · AI score 7.8 · EPSS 0.01214
Exploits: 1 · References: 2

OpenVAS
added 2021/09/01 12:0 a.m. · 11 views

Python < 3.6.14, 3.7.x < 3.7.11, 3.8.x < 3.8.9, 3.9.x < 3.9.3 Python Issue (bpo-42988) - Mac OS X

Python is prone to an information disclosure vulnerability via pydoc getfile. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.7 · AI score 6.6 · EPSS 0.00081
Exploits: 0 · References: 2

CNVD
added 2020/10/22 12:0 a.m. · 3 views

Spree Authorization Issues Vulnerability

Spree is an open source online store application developed using Ruby on Rails. An authorization issue vulnerability exists in Spree version 3.7.11, version 4.0.4, and versions prior to 4.1.11, which stems from an expired user token that can be used to access the storefront API v2 endpoint. A...

CVSS 9.1 · AI score 6.8 · EPSS 0.00257
Exploits: 0 · References: 1