14 matches found
PT-2026-4401
Name of the Vulnerable Software and Affected Versions: CRM Perks Integration for Contact Form 7 HubSpot versions n/a through 1.4.3. Description: The CRM Perks Integration for Contact Form 7 HubSpot (cf7-hubspot) contains a flaw that allows retrieval of embedded sensitive data. This issue relates to th...
0pflow (>=0.1.0-dev.0de2bc6 <=0.1.0-dev.f5622ac), @0xgasless/agent-sdk (>=0.1.1 <=0.1.2) +1341 more potentially affected by CVE-2025-68665 via @langchain/core (>=1.0.1 <=1.1.8-dev-1766775128110)
@langchain/core NPM version =1.0.1, =0.1.0-dev.0de2bc6, =0.1.1, =1.0.0, =0.1.0, =0.0.1-alpha.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =1.43.5 - @adminforth/completion-adapter-open-ai-chat-gpt =2.0.21 and more. Source CVEs: CVE-2025-68665. Source advisory: OSV:GHSA-R399-636X-V7F6...
EUVD-2022-42715
Malicious code in bioql PyPI...
EUVD-2024-32755
Malicious code in bioql PyPI...
CVE-2024-57336
Incorrect access control in M2Soft CROWNIX Report & ERS, affecting v7.x to v7.4.3.599 and v8.x to v8.0.3.79, allows unauthorized attackers to obtain Administrator account access...
CVE-2025-47512
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan tainacan allows Path Traversal. This issue affects Tainacan: from n/a through 0.21.14...
CVE-2024-7803
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS...
CVE-2024-6329
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...
CVE-2024-6446
An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim into trusting an attacker-controlled application...
CVE-2025-31871
CVE-2025-31871 corresponds to an Open Redirect vulnerability in the WordPress plugin WP Clone any post type (
CVE-2025-2600
Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATEDPASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24...
CVE-2024-13284 Gutenberg - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-048
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery. This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5...
0.extends.whistle (=1.0.65), @alola-react/plugin-proxy (=0.0.1) +24 more potentially affected by CVE-2024-55500 via whistle (>=0.1.0-beta <=2.9.85-beta)
whistle NPM version =0.1.0-beta, =0.1.21-alpha, =0.0.1, =0.0.0-alpha.202201181327, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =0.1.0, =1.2.0 and more. Source CVEs: CVE-2024-55500. Source advisory: OSV:GHSA-GG6X-448Q-PQQM...
GHSA-JGWR-3QM3-26F3 Potential remote code execution in Apache Tomcat
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the...