EUVD-2026-33580
A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...
PT-2026-33314
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 3.2.0. Description: JWT Tokens used by tasks were exposed in logs. This exposure could allow UI users to act as Dag Authors. Recommendations: Upgrade to version 3.2.0...
Fedora 43 : freerdp (2026-f6fe509803)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f6fe509803 advisory. Update to 3.24.2. It fixes CVE-2026-33952, CVE-2026-33977, CVE-2026-33982, CVE-2026-33983, CVE-2026-33984, CVE-2026-33985, CVE-2026-33986,...
CVE-2026-25435
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Stored XSS. This issue affects Booking calendar, Appointment Booking System: from n/a through <= 3.2.36...
WordPress plugin Happy Addons for Elementor security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
CVE-2026-3725
CVE-2026-3725 affects 1024-lab/lab1024 SmartAdmin up to version 3.29. The issue resides in the FreeMarker Template Handler, specifically the function freemarkerResolverContent in MailService.java. Manipulating the argument template_content can lead to improper neutralization of special elements u...
GHSA-V8JM-5VWX-CFXM DOMPurify contains a Cross-site Scripting vulnerability
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. Attackers can include closing rawtext tags like `</textarea>` in attribute...
SQUIRREL security vulnerability
SQUIRREL is a programming language developed by Alberto Demichelis. It is the stable version of SQUIRREL 3.2. Versions of SQUIRREL 3.2 and earlier had security vulnerabilities, which stemmed from uncontrolled recursion in the file squirrel/sqcompiler.cpp...
CVE-2025-69063 WordPress New User Approve plugin <= 3.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects New User Approve: from n/a through <= 3.2.0...
CVE-2022-23378
A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable...
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error messages in BPC SmartVista version 3.28.0, allowing an attacker to execute JavaScript code on the client side...
CVE-2022-23653
B2 Command Line Tool is the official command line tool for the Backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...
CVE-2013-7472
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpdmetaboxes daytoshow parameter...
WordPress Compare Products for WooCommerce plugin <= 3.2.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Compare Products for WooCommerce versions <= 3.2.1...
CVE-2025-15173
A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit...
CVE-2025-15171
A vulnerability was identified in SohuTV CacheCloud up to 3.2.0. This affects the function index of the file src/main/java/com/sohu/cache/web/controller/ServerController.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly...
CVE-2025-63052 WordPress SimpLy Gallery plugin <= 3.3.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS. This issue affects SimpLy Gallery: from n/a through <= 3.3.2.1...
CVE-2025-12400 LMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...
EUVD-2025-27724
Malicious code in bioql PyPI...
CVE-2025-58442 Saleor has user enumeration vulnerability due to different error messages
Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of accountRegister may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the...