23 matches found

vulnersOsv
added 2026/03/18 8:7 p.m. · 4 views

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-base-test-mindeps-client (>=5.6.5 <=7.4.5) +277 more potentially affected by CVE-2026-33180 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (>=0.0.1 <=6.8.2)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 MAVEN version =0.0.1, =5.6.5, =5.6.5, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =5.2.1 and more Source cves: CVE-2026-33180 Source advisory: OSV:GHSA-P7M9-V2CM-2H7M...

CVSS 7.5 · AI score 5.8 · EPSS 0.00046
Exploits 0

NVD
added 2026/02/19 7:22 p.m. · 3 views

CVE-2026-26059

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...

CVSS 5.4 · EPSS 0.00041
Exploits 1 · References 1

Positive Technologies
added 2026/02/19 12:0 a.m. · 2 views

PT-2026-20912

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 6.8.2 Description: ChurchCRM is an open-source church management system. An authenticated user with permission to edit groups could store a JavaScript payload that would execute when the group was viewed in the Group...

CVSS 5.4 · AI score 5.3 · EPSS 0.00041
Exploits 1 · References 5

OSV
added 2025/09/25 8:55 a.m. · 4 views

BIT-WORDPRESS-2025-58246 WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to...

CVSS 4.3 · AI score 5.3 · EPSS 0.00041
Exploits 0 · References 4

OpenVAS
added 2025/09/24 12:0 a.m. · 7 views

WordPress <= 6.8.2 Multiple Vulnerabilities (Sep 2025) - Linux

WordPress is prone to multiple vulnerabilities.

CVSS 5.9 · AI score 7.6 · EPSS 0.00041
Exploits 0 · References 4

Vulnrichment
added 2025/09/23 6:47 p.m. · 1 views

CVE-2025-58674 WordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user...

CVSS 5.9 · AI score 5.7 · EPSS 0.0003
Exploits 0 · References 2

Cvelist
added 2025/09/23 5:17 p.m. · 9 views

CVE-2025-58246 WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to...

CVSS 4.3 · EPSS 0.00041
Exploits 0 · References 2

CVE
added 2025/09/23 5:17 p.m. · 38 views

CVE-2025-58246

Summary of CVE-2025-58246: WordPress core contains an information-disclosure vulnerability described as “Insertion of Sensitive Information Into Sent Data.” It affects WordPress releases across many major versions (as listed in advisories) and can lead to retrieval of embedded sensitive data by ...

CVSS 4.3 · AI score 5.2 · EPSS 0.00041
Exploits 0 · References 2

Positive Technologies
added 2025/09/22 12:0 a.m. · 4 views

PT-2025-39206

Name of the Vulnerable Software and Affected Versions: WordPress versions through 6.8.2 Description: A flaw exists in Automattic WordPress that allows for Stored Cross-site Scripting (XSS). An attacker with Author or higher user privileges can exploit this issue. The vulnerability stems from improper...

CVSS 7.2 · AI score 6.6 · EPSS 0.90583
Exploits 4 · References 28

RedhatCVE
added 2025/05/22 11:29 p.m. · 1 views

CVE-2022-1241

The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues...

CVSS 6.1 · AI score 6.2 · EPSS 0.0021
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 4:43 p.m. · 9 views

CVE-2020-5832

Symantec Data Center Security Manager Component, prior to 6.8.2 aka 6.8 MP2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected...

CVSS 7.8 · AI score 7.3 · EPSS 0.00208
Exploits 0 · References 1

Fedora
added 2025/03/13 1:49 a.m. · 9 views

[SECURITY] Fedora 40 Update: qt6-qtwebengine-6.8.2-4.fc40

Qt6 - QtWebEngine components...

CVSS 7.5 · AI score 8.2 · EPSS 0.04197
Exploits 1

SUSE CVE
added 2023/02/15 4:15 a.m. · 2 views

SUSE CVE-2019-7614

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user...

CVSS 5.9 · AI score 5.8 · EPSS 0.00385
Exploits 0 · References 3

Positive Technologies
added 2021/01/01 12:0 a.m. · 3 views

PT-2021-11867 · WordPress · Newsletters

Name of the Vulnerable Software and Affected Versions: Newsletter plugin versions prior to 6.8.2 for WordPress Description: A Reflected Authenticated Cross-Site Scripting (XSS) issue allows remote attackers to trick a victim into submitting a tnpc_render AJAX request. This request can contain eithe...

CVSS 6.5 · AI score 6.1 · EPSS 0.00121
Exploits 1 · References 6

OpenVAS
added 2020/08/04 12:0 a.m. · 21 views

WordPress Newsletter Plugin < 6.8.2 Multiple Vulnerabilities

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVSS 8.8 · AI score 6.9 · EPSS 0.0098
Exploits 2 · References 2

WPVulnDB
added 2020/08/03 12:0 a.m. · 24 views

Newsletter < 6.8.2 - Authenticated PHP Object Injection

The ‘restore_options_from_request’ function called by the AJAX function ‘tnpc_render_callback’ runs ‘unserialize’ directly on ‘$options['inline_edits']’, which is provided by user input in the $_POST['options'] parameter. This creates the potential for an Object Injection vulnerability. For example, a user...

CVSS 6 · AI score 2.4 · EPSS 0.0098
Exploits 1 · References 1 · Affected Software 1

CNVD
added 2020/04/07 12:0 a.m. · 3 views

Broadcom Symantec Data Center Security Manager Component Elevation of Privilege Vulnerability

Broadcom Symantec Data Center Security Manager Component is a data protection solution from Broadcom, Inc. A security vulnerability exists in Broadcom Symantec Data Center Security Manager Component versions prior to 6.8.2. An attacker could exploit this vulnerability to gain elevated privileges...

CVSS 7.8 · AI score 6.9 · EPSS 0.00208
Exploits 0

Tenable Nessus
added 2020/03/05 12:0 a.m. · 38 views

Kibana < 6.8.2 Multiple Vulnerabilities

According to its self-reported version number, the Kibana application running on the remote host is prior to 6.8.2 or 7.x prior to 7.2.1. It is, therefore, affected by: - A prototype pollution vulnerability in lodash. (CVE-2019-10744) - A server-side request forgery (SSRF) vulnerability in the...

CVSS 9.1 · AI score 7.5 · EPSS 0.18518
Exploits 3 · References 3

OpenVAS
added 2019/08/12 12:0 a.m. · 57 views

Elastic Kibana < 6.8.2, 7.x < 7.2.1 Multiple Vulnerabilities (ESA-2019-09, ESA-2019-10) - Windows

Kibana is prone to multiple vulnerabilities.

CVSS 9.1 · AI score 7.9 · EPSS 0.18518
Exploits 3 · References 2

Positive Technologies
added 2019/07/30 12:0 a.m. · 1 views

PT-2019-18666 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 7.2.1 Elasticsearch versions prior to 6.8.2 Description: A race condition flaw was found in the response headers returned by Elasticsearch. On a system with multiple users submitting requests, it could be...

CVSS 5.9 · AI score 5 · EPSS 0.00385
Exploits 0 · References 6