CVE-2026-41073
RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet CSV/formula injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can caus...
CVE-2026-41074
CVE-2026-41074 affects RT (Resource Tracker) versions 6.0.0–6.0.2, where a Cross-Site Request Forgery (CSRF) vulnerability exists. An attacker who lures a logged-in RT user to visit a malicious page can trigger arbitrary state-changing actions in RT on that user’s behalf. The issue is fixed in RT...
OPENSUSE-SU-2026:10189-1 libowncloudsync-devel-6.0.3-1.1 on GA media
These are all security issues fixed in the libowncloudsync-devel-6.0.3-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-22881
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...
Cybozu Garoon cross-site scripting vulnerability
Cybozu Garoon is a portal-based OA office system developed by Cybozu. This system provides functions such as portals, email, bookmarks, calendar management, bulletin boards, and file management. Versions of Cybozu Garoon from 5.15.0 to 6.0.3 had a cross-site scripting vulnerability. This...
CVE-2025-69082
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Frenify Arlo arlo allows Reflected XSS. This issue affects Arlo: from n/a through <= 6.0.3...
WordPress plugin Arlo cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
PT-2026-1647
Name of the Vulnerable Software and Affected Versions: Frenify Arlo versions through 6.0.3. Description: A flaw exists in Frenify Arlo that allows for Reflected Cross-site Scripting (XSS). This issue arises from improper input validation during web page generation. The vulnerability could potentially...
CVE-2025-66511
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...
EUVD-2025-201444
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...
EUVD-2004-2432
Malware in sbrugna...
EUVD-2021-0640
Malware in sbrugna...
EUVD-2025-17512
Malicious code in bioql PyPI...
EUVD-2024-49327
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-8167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. CVE-2020-8167 Note that Nessus...
WordPress WPDM – Premium Packages Plugin <= 6.0.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Mika in WordPress Plugin WPDM – Premium Packages versions <= 6.0.2...
CVE-2025-39475
Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion. This issue affects Arlo: from n/a through <= 6.0.3...
CVE-2025-39475
CVE-2025-39475 affects the WordPress Arlo plugin/theme up to version 6.0.3, with an unauthenticated path traversal that enables PHP local file inclusion. Public sources indicate this is currently unpatched (per Wordfence details for Arlo ≤ 6.0.3). The CNVD entry describes the same path traversal ...
CVE-2024-5061
The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapperclass’ and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2024-33920
Missing Authorization vulnerability in Kama Democracy Poll. This issue affects Democracy Poll: from n/a through 6.0.3...