
57 matches found

Positive Technologies
added 5 days ago, 8 views

PT-2026-45502

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

CVSS 7.5 | AI score 5.5 | EPSS 0.00071
Exploits: 0 | References: 9
NVD
added 2026/04/15 5:17 p.m., 0 views

CVE-2025-15636

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design YouTube Showcase youtube-showcase allows Stored XSS. This issue affects YouTube Showcase: from n/a through <= 3.5.1...

CVSS 6.5 | EPSS 0.00039
Exploits: 0 | References: 1
Microsoft KB
added 2026/04/14 12:00 a.m., 0 views

April 14, 2026-KB5084165 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 (build 28000) and later

April 14, 2026-KB5084165 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 build 28000 and later. Revised May 13, 2026: Updated 'How to get this update' section. Release Date: April 14, 2026. Version: .NET Framework 3.5. The April 14, 2026 update installs the complete .NET...

CVSS 7.5 | AI score 6.9 | EPSS 0.08014
Exploits: 0
SUSE CVE
added 2026/03/25 12:24 a.m., 4 views

SUSE CVE-2026-31807

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

CVSS 6.4 | AI score 5.9 | EPSS 0.00378
Exploits: 1 | References: 3
EUVD
added 2026/02/03 2:08 p.m., 4 views

EUVD-2026-5189

Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.34...

CVSS 5.3 | AI score 5.3 | EPSS 0.00051
Exploits: 0 | References: 1
NVD
added 2026/01/21 2:15 a.m., 5 views

CVE-2025-15521

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

CVSS 9.8 | EPSS 0.00187
Exploits: 1 | References: 2
Positive Technologies
added 2026/01/21 12:00 a.m., 4 views

PT-2026-3751

Name of the Vulnerable Software and Affected Versions: Academy LMS – WordPress LMS Plugin for Complete eLearning Solution versions prior to 3.5.1. Description: The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution is susceptible to privilege escalation through account takeover. The...

CVSS 9.8 | AI score 5.4 | EPSS 0.00187
Exploits: 1 | References: 14
RedhatCVE
added 2026/01/16 5:28 a.m., 2 views

CVE-2025-14448

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 | AI score 5.1 | EPSS 0.00016
Exploits: 0 | References: 1
CNNVD
added 2025/12/30 12:00 a.m., 1 view

Discourse security vulnerability

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email, and chat rooms. A security vulnerability exists in Discourse versions prior to 3.5.3, prior to 2025.11.1, and prior to 2025.12.0, which stems from an...

CVSS 6.3 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 4
CVE
added 2025/10/22 2:32 p.m., 9 views

CVE-2025-31634

CVE-2025-31634 describes a PHP Object Injection flaw in the WordPress theme “Insurance” (versions ≤ 3.5) due to deserializing untrusted data. Public sources (Patchstack/Red Hat/ENISA) confirm this is currently unpatched, affecting the Insurance theme up to 3.5; remediation is to upgrade to a vers...

CVSS 8.8 | AI score 6.6 | EPSS 0.00174
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-30456

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.4 | EPSS 0.00032
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2021-33175

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.7 | EPSS 0.00138
Exploits: 1 | References: 1
Positive Technologies
added 2025/09/27 12:00 a.m., 4 views

PT-2025-39699

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.5.0. Description: WeGIA, a Web manager for charitable institutions, contains a SQL Injection flaw. The issue affects the control.php endpoint, specifically through the id produto parameter. Exploitation can occur via...

CVSS 8.8 | AI score 7.7 | EPSS 0.00056
Exploits: 1 | References: 8
OSV
added 2025/09/10 7:15 a.m., 3 views

CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

AI score 8.3
Exploits: 0 | References: 3
OSV
added 2025/09/10 7:15 a.m., 1 view

DEBIAN-CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

CVSS 9.1 | AI score 6 | EPSS 0.00231
Exploits: 0 | References: 1
CNNVD
added 2025/08/26 12:00 a.m., 2 views

mblog security vulnerability

mblog is a blogging system by the individual developer langhsu. A security vulnerability exists in mblog 3.5.0 and earlier versions, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter kw in file/search...

CVSS 6.1 | AI score 4.4 | EPSS 0.00063
Exploits: 1 | References: 5
CNNVD
added 2025/08/21 12:00 a.m., 0 views

jshERP security vulnerability

jshERP (Huaxia ERP) is a homegrown ERP system by the individual developer Ji Sheng Hua in China. A security vulnerability exists in jshERP v3.5, which stems from improper access control in the ResourceController.java component and could lead to access to ID data...

CVSS 8.8 | AI score 6.6 | EPSS 0.00082
Exploits: 1 | References: 4
OSV
added 2025/07/01 10:15 a.m., 2 views

CVE-2025-6756

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7CUSTOMFIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 5.4 | AI score 6 | EPSS 0.00157
Exploits: 0 | References: 4
OSV
added 2025/06/02 11:16 a.m., 4 views

CVE-2025-48957 AstrBot Has Path Traversal Vulnerability in /api/chat/get_file

AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in...

CVSS 7.5 | AI score 6.3 | EPSS 0.01059
Exploits: 1 | References: 8
RedhatCVE
added 2025/05/23 9:38 a.m., 4 views

CVE-2024-24188

Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c...

CVSS 9.8 | AI score 7.3 | EPSS 0.01225
Exploits: 1 | References: 1