Important: Red Hat Security Advisory: OpenShift Virtualization v4.20 Images
Red Hat OpenShift Virtualization release v4.20 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...
CVE-2025-59563 WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions...
CVE-2026-39478
Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...
CVE-2026-33877
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint /api/v1/@apostrophecms/login/reset-request that allows unauthenticated username and email enumeration. When a user is not found,...
CVE-2026-10210
A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...
CVE-2026-4334
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
Apache CloudStack Security Vulnerability
Apache CloudStack is an IaaS cloud computing platform developed by the Apache Foundation in the United States. This platform is primarily used for deploying and managing large-scale virtual machine networks. Versions 4.21.0.0 and 4.22.0.0 of Apache CloudStack contain security vulnerabilities. The...
EUVD-2026-23104
ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context...
CVE-2026-3773 Accessibility Suite by Ability, Inc <= 4.20 - Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter
The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-3773
CVE-2026-3773: The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to an SQL Injection via the 'scan_id' parameter in all versions up to and including 4.20. The root cause is insufficient escaping of user input and inadequate preparation of the existing SQL query. This ca...
CVE-2026-40186
ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in version 2.17.1 of the ApostropheCMS-maintained sanitize-html package, bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option...
CVE-2026-33888
ApostropheCMS (Node.js) before version 4.29.0 is affected by an authorization bypass in the getRestQuery method of the @apostrophecms/piece-type module. An unauthenticated user can add a project query parameter in the REST API request, which is processed by applyBuildersSafely prior to permission...
ApostropheCMS Security Vulnerability
ApostropheCMS is an open-source full-stack content management system from Apostrophe Technologies. Versions of ApostropheCMS 4.28.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by stored cross-site scripting vulnerabilities in SEO-related fields, which could lea...
WordPress Relevanssi plugin < 4.26.0 - Contributor+ SQLi vulnerability
Contributor+ SQLi vulnerability discovered by Drew Webber (mcdruid) in WordPress Plugin Relevanssi versions < 4.26.0...
EUVD-2025-206262
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1expendoctetstring...
CVE-2025-13151
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1expendoctetstring...
PT-2025-50061
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hogash Kallyas kallyas allows DOM-Based XSS. This issue affects Kallyas: from n/a through = 4.22.0...
Perforce BlazeMeter Jenkins Plugin Security Vulnerability
Perforce BlazeMeter Jenkins Plugin is a plugin from Perforce USA. A security vulnerability exists in Perforce BlazeMeter Jenkins Plugin versions prior to 4.27, which stems from improper privilege control and could lead to unauthorized access to a list of sensitive resources...
EUVD-2025-38093
Missing Authorization vulnerability in hogash Kallyas kallyas. This issue affects Kallyas: from n/a through = 4.22.0...