
32 matches found

EUVD
added 2026/05/14 1:52 p.m. | 27 views

EUVD-2026-30284

Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

CVSS 5.3 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/03 11:2 p.m. | 4 views

CVE-2026-34758

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42...

CVSS 9.1 | AI score 5.8 | EPSS 0.00348
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/26 3:3 p.m. | 5 views

CVE-2026-30958

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

CVSS 8.6 | AI score 7.4 | EPSS 0.00462
Exploits: 1 | References: 1
CVE
added 2026/03/18 1:24 a.m. | 8 views

CVE-2026-4268

The CVE relates to WP Go Maps (formerly WP Google Maps) WordPress plugin. All versions up to 10.0.05 are affected by a Stored Cross-Site Scripting vulnerability via the wpgmza_custom_js parameter, caused by insufficient input sanitization/output escaping and a missing capability check in the admi...

CVSS 6.4 | AI score 5.9 | EPSS 0.00156
Exploits: 0 | References: 2
Tenable Nessus
added 2025/09/03 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-39234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features,...

CVSS 8.8 | AI score 7.9 | EPSS 0.00385
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2025/08/30 6:35 p.m. | 4 views

Malicious code in openmct-e2e (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 929c26f533affbdfe0c09be2dff86f393cae1b379f25ce110aa61a1a27f473fb The OpenSSF Package Analysis project identified 'openmct-e2e' @ 10.0.1 npm as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0
OSV
added 2025/08/27 3:15 p.m. | 2 views

UBUNTU-CVE-2025-53105

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change th...

CVSS 7.5 | AI score 5.9 | EPSS 0.00332
Exploits: 0 | References: 4
NVD
added 2025/06/21 3:15 a.m. | 14 views

CVE-2025-52486

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been...

CVSS 6.1 | EPSS 0.00203
Exploits: 0 | References: 2
Cvelist
added 2025/05/29 12:0 a.m. | 14 views

CVE-2025-48748

Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password...

EPSS 0.00342
Exploits: 0 | References: 1
Vulnrichment
added 2025/05/29 12:0 a.m. | 5 views

CVE-2025-48748

Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password...

AI score 7 | EPSS 0.00342
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 9:58 a.m. | 4 views

CVE-2024-27937

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13...

CVSS 6.5 | AI score 6.7 | EPSS 0.26807
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 11:11 p.m. | 6 views

CVE-2022-36131

The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page...

CVSS 6.1 | AI score 5.6 | EPSS 0.00533
Exploits: 1 | References: 1
CNNVD
added 2025/04/21 12:0 a.m. | 4 views

QiANXIN Tianqing Endpoint Security Management System security vulnerability

QiANXIN Tianqing Endpoint Security Management System is a product of QiANXIN, China. A security vulnerability exists in QiANXIN Tianqing Endpoint Security Management System version v10.0, which...

CVSS 8.8 | AI score 6.8 | EPSS 0.00466
Exploits: 1 | References: 2
NVD
added 2025/04/07 10:15 p.m. | 4 views

CVE-2025-0942

The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command, which allows unauthenticated users to trigger SQL injection. This issue affects JPlatform before 10.0.6, and a PatchPlugin release 10.0.6 was issued 2023-02-06...

CVSS 8.6 | EPSS 0.00361
Exploits: 0 | References: 3
RedhatCVE
added 2025/04/02 3:39 p.m. | 11 views

CVE-2025-27149

Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries E.g.,...

CVSS 4.6 | AI score 7.1 | EPSS 0.00263
Exploits: 0 | References: 1
CVE
added 2025/03/25 12:0 a.m. | 122 views

CVE-2025-27832

The CVE-2025-27832 issue affects Ghostscript prior to 10.05.0, specifically the NPDL device’s Compression buffer in contrib/japanese/gdevnpdl.c, which leads to a buffer/integer overflow. Public reports from multiple sources (e.g., ALAS/Amazon Linux advisories and Astra Linux bulletin) confirm the...

CVSS 9.8 | AI score 7.4 | EPSS 0.00806
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2025/03/06 12:15 p.m. | 5 views

CVE-2024-56196

Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 10.0.4, which fixes the issue...

CVSS 6.3 | AI score 6.7
Exploits: 0 | References: 1
Cvelist
added 2025/02/25 5:58 p.m. | 29 views

CVE-2025-25192 GLPI allows unauthorized access to debug mode

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

CVSS 6.5 | EPSS 0.00584
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/14 3:14 a.m. | 17 views

CVE-2024-24293

A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js...

CVSS 8.8 | AI score 7.6 | EPSS 0.00687
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/03/09 6:39 a.m. | 3 views

Malicious code in profectus-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 062a69a64c4e77b2e5cebc7f5d21c239c51139c4d420c9fbf2e616f23ec838a3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1