19 matches found
CVE-2026-44898 affecting package python-mistune for versions less than 3.2.1-1
CVE-2026-44898 affecting package python-mistune for versions less than 3.2.1-1. A patched version of the package is available...
CVE-2026-32518 WordPress Gaea theme < 3.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in imithemes Gaea gaea allows Reflected XSS. This issue affects Gaea: from n/a through 3.8...
CVE-2025-47911 affecting package helm for versions less than 3.14.2-10
CVE-2025-47911 affecting package helm for versions less than 3.14.2-10. A patched version of the package is available...
CVE-2025-69419 affecting package openssl for versions less than 3.3.5-3
CVE-2025-69419 affecting package openssl for versions less than 3.3.5-3. A patched version of the package is available...
CVE-2025-67913
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Aruba HiSpeed Cache: from n/a through 3.0.3...
CVE-2025-48089 WordPress Education WordPress Theme | HiStudy theme < 3.1.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection. This issue affects Education WordPress Theme | HiStudy: from n/a through 3.1.0...
CVE-2025-59012 WordPress Traveler theme < 3.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shinetheme Traveler traveler allows Reflected XSS. This issue affects Traveler: from n/a through 3.2.3...
CVE-2025-40766
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V3.0. The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service DoS attack...
Drupal Klaro Cookie & Consent Management module < 3.0.7 - Authenticated Cross Site Scripting (XSS) vulnerability
Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Klaro Cookie & Consent Management versions 3.0.7...
CVE-2025-40568
A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V3.2, SCALANCE XCH328 6GK5328-4TS01-2EC2 All versions V3.2, SCALANCE XCM324 6GK5324-8TS01-2AC2 All versions V3.2, SCALANCE XCM328 6GK5328-4TS01-2AC2 All versions V3.2, SCALANCE XCM332 6GK5332-0GA01-2AC2 All...
CVE-2023-32739
Cross-Site Request Forgery CSRF vulnerability in WebTrendy WP Custom Cursors | WordPress Cursor Plugin plugin 3.2 versions...
CVE-2012-4742
The webnoderegister function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors...
AZL-48114 CVE-2024-8088 affecting package python3 for versions less than 3.9.19-5
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...
CVE-2024-39568
A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.2 HF1. The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker...
WordPress WP Customer Reviews plugin < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection vulnerability
Malicious Redirect via HTTP-EQUIV Injection vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Customer Reviews versions 3.7.1...
AZL-39004 CVE-2023-45288 affecting package helm for versions less than 3.15.2-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
CVE-2022-4057 Autoptimize < 3.1.0 - Sensitive Data Disclosure
The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs...
DEBIAN-CVE-2021-42948
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's...
CVE-2022-28481
CSV-Safe gem 3.0.0 doesn't filter out special characters which could trigger CSV Injection...