26 matches found
CVE-2026-27329
Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...
CVE-2026-27329
The CVE concerns WordPress YITH WooCommerce Wishlist plugin (versions
CVE-2026-39651
Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total Poll Lite: from n/a through <= 4.12.0...
EUVD-2026-20317
Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total Poll Lite: from n/a through <= 4.12.0...
CVE-2026-39651
Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total Poll Lite: from n/a through <= 4.12.0...
PT-2026-28545
Name of the Vulnerable Software and Affected Versions: Gematik Authenticator versions 4.12.0 through 4.15.9. Description: The Gematik Authenticator, used for secure user authentication in digital health applications, has a flaw on Mac OS systems. Opening a specially crafted file can lead to remote...
CVE-2026-27044
Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion. This issue affects Total Poll Lite: from n/a through <= 4.12.0...
PT-2026-27964
Name of the Vulnerable Software and Affected Versions: Total Poll Lite versions through 4.12.0. Description: A code injection issue exists in Total Poll Lite, allowing for remote code inclusion. The issue is due to improper control of code generation. Recommendations: Update Total Poll Lite to a...
CVE-2026-29191
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0...
CVE-2026-29192 ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0...
CVE-2026-29191 ZITADEL: 1-Click Account Takeover via XSS in /saml-post Endpoint
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0...
Improper Request Caching Lookup in the Auth0 Next.js SDK
Description: When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-aut...
Dependency-Track Front-End Cross-Site Scripting Vulnerability
Dependency-Track Front-End is the open source front-end UI for Dependency-Track, a dependency tracking platform. A cross-site scripting vulnerability exists in Dependency-Track Front-End from version 4.12.0 up to, but not including, 4.13.6, which stems from improper HTML cleanup and could lead to arbitrary JavaScript...
EUVD-2024-40245
Malicious code in bioql PyPI...
EUVD-2023-12660
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-53644
OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability...
CVE-2025-53644 OpenCV contains a use after free buffer write due to an uninitialized pointer
OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability...
CVE-2025-53644
OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability...
CVE-2024-43356
Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide. This issue affects oik: from n/a through 4.12.0...
Domainmod Security Vulnerability
Domainmod is a PHP and MySQL based open source application from the Domainmod community for managing centrally located domain names and other Internet assets. A security vulnerability exists in Domainmod prior to version v4.12.0, which stems from a JavaScript code injection issue contained in the...