CVE-2026-49009

Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal...

CVE-2026-49009

Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal...

EEF-CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney

Summary Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/...

PT-2026-43068

Name of the Vulnerable Software and Affected Versions hackney versions 0.10.0 through 4.0.0 Description Uncontrolled Resource Consumption in the SOCKS5 transport within src/hackney socks5.erl allows flooding. While the caller-supplied timeout is applied during the SOCKS5 negotiation phase, the...

Astra Linux - уязвимость в python-django

In Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1, directory traversal is allowed if the filenames are passed to it directly...

CLEANSTART-2026-TX96881 Security fixes for CVE-2024-6763, CVE-2026-1225, ghsa-25qh-j22f-pwp8, ghsa-72hv-8253-57qq, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v applied in versions: 4.0.1-r2

Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-4799

In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL...

CVE-2026-4799

In Search Guard FLX up to version 4.0.1, a vulnerability allows open redirection via specially crafted requests to route users to an untrusted URL. This is documented across CVE listings (CVE-2026-4799). The available sources describe the issue but do not provide exploit code or detailed remediat...

PT-2026-29273

In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL...

CVE-2025-54920 Apache Spark: Spark History Server Code Execution Vulnerability

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

EUVD-2026-9646

Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through 4.0.1...

ai.starlake:starlake-api_2.13 (>=1.5.8 <=1.5.15), be.ugent.idlab.knows:dataio (>=2.0.0 <=2.2.0) +190 more potentially affected by CVE-2026-3293 via net.snowflake:snowflake-jdbc (>=3.0.0 <=4.0.1)

net.snowflake:snowflake-jdbc MAVEN version =3.0.0, =1.5.8, =2.0.0, =1.0, =1.14, =1.1, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.3.0, =0.4.4 and more Source cves: CVE-2026-3293 Source advisory: OSV:GHSA-GX6C-PV62-9MCF...

CVE-2025-67979

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

CVE-2025-67979

CVE-2025-67979 affects the WordPress plugin WPForms Google Sheet Connector (gsheetconnector-wpforms) up to version 4.0.1. The vulnerability is described as an improper control of generation of code (Code Injection) that enables remote code execution (RCE). Public sources in the connected data ide...

CVE-2025-67979 WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

CVE-2025-67979 WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

PT-2026-21052

Name of the Vulnerable Software and Affected Versions WPForms Google Sheet Connector versions through 4.0.1 Description A code injection issue exists in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms. The issue involves improper control of code generation, potentially allowing...

ASTPP 安全漏洞

ASTPP is a VoIP billing solution developed by Innextrix Technologies Pvt. Ltd. Version 4.0.1 of ASTPP contains a security vulnerability. This vulnerability stems from information leakage, and it could allow unverified attackers to download database backup files by predicting the file name pattern...

GHSA-CJW8-79X6-5CJ4 jsPDF has Shared State Race Condition in addJS Plugin

Impact The addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the...

jsPDF has Shared State Race Condition in addJS Plugin

Impact The addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the...