84 matches found
CVE-2026-6344
CVE-2026-6344 affects the WordPress Fluent Forms plugin (versions ≤ 6.2.1). The vulnerability arises in EmailNotificationActions::getAttachments() where attacker-supplied file-upload URLs are resolved to filesystem paths without strictly enforcing the uploads directory boundary. Path traversal se...
EUVD-2026-20899
fast-jwt has a ReDoS when using RegExp in allowed leading to CPU exhaustion during token verification...
CVE-2026-35040
fast-jwt provides a fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in verify functions can cause certain unintended behaviours. This is because some modifiers are statef...
RHSA-2026:5611 Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.1 release and security update
Bulletin has no description...
CVE-2025-15595
Privilege escalation via DLL hijacking in Inno Setup 6.2.1 and earlier versions...
CVE-2025-15595 Privilege escalation via DLL hijacking in Inno Setup
Privilege escalation via DLL hijacking in Inno Setup 6.2.1 and earlier versions...
CVE-2026-2641
A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on t...
PT-2025-49878
Name of the Vulnerable Software and Affected Versions Webba Booking versions through 6.2.1 Description A missing authorization issue exists in Webba Appointment Booking Webba Booking webba-booking-lite. The issue involves exploiting incorrectly configured access control security levels...
EUVD-2025-3908
Malicious code in bioql PyPI...
EUVD-2024-0909
Malicious code in bioql PyPI...
EUVD-2024-35561
Malicious code in bioql PyPI...
CVE-2025-58620
CVE-2025-58620 : WordPress PDF for WPForms plugin is affected by a stored XSS due to improper input neutralization during web page generation. Affected software is the PDF for WPForms plugin for WordPress (plugin name: PDF for WPForms; vulnerable versions include
WordPress plugin PDF for WPForms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
PT-2025-35753
Name of the Vulnerable Software and Affected Versions: PDF for WPForms versions through 6.2.1 Description: The software contains a cross-site scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This allows for stored XSS attacks. Recommendations: Update...
Security Bulletin: IBM Sterling Control Center is vulnerable to Apache Commons Compress (CVE-2024-26308, CVE-2024-25710)
Summary: Apache Commons Compress jar vulnerabilities are impacting IBM Sterling Control Center v6.3.1 and v6.2.1. Vulnerability Details: CVEID: CVE-2024-26308 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons...
CVE-2024-35114
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts...
PT-2025-2427 · Ibm · Ibm Control Center
Name of the Vulnerable Software and Affected Versions: IBM Control Center versions 6.2.1 through 6.3.1 Description: The issue is related to the exposure of sensitive information through directory listing in the IBM Control Center system. This could allow a remote attacker to gain unauthorized...
PT-2025-2425 · Ibm · Ibm Control Center
Name of the Vulnerable Software and Affected Versions: IBM Control Center versions 6.2.1 through 6.3.1 Description: The issue is related to the formation of error reports in the IBM Control Center system, which could allow a remote attacker to obtain sensitive information when a detailed technica...
PT-2025-5530 · Unknown · Herd Effects
Name of the Vulnerable Software and Affected Versions: Herd Effects versions through 6.2.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions through 6.2.1, update t...
CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
LGSL (Live Game Server List) provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...