17 matches found

Positive Technologies
added 2026/04/07 12:0 a.m. | 2 views

PT-2026-30816

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.2.0 EOL, 2.3.0 through 2.3.0p45, 2.4.0 through 2.4.0p24, and 2.5.0 beta through 2.5.0b2. Description: Insufficient sanitization of dashboard dashlet title links allows an attacker with dashboard creation privileges to perform...

CVSS 8.5 | AI score 5.6 | EPSS 0.00035
Exploits: 0 | References: 8
Cvelist
added 2026/03/05 5:54 a.m. | 29 views

CVE-2026-28081 WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion. This issue affects Windsor: from n/a through <= 2.5.0...

CVSS 8.1 | EPSS 0.00172
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/05 12:0 a.m. | 2 views

PT-2026-23358

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion. This issue affects Windsor: from n/a through <= 2.5.0...

AI score 5.9 | EPSS 0.00172
Exploits: 0 | References: 2
Packet Storm
added 2026/02/19 12:0 a.m. | 105 views

Serendipity 2.5.0 PHP Code Injection

Serendipity version 2.5.0 proof of concept PHP code injection exploit. Title: Serendipity 2.5.0 PHP Code Injection Vulnerability | Author: indoushka ...

AI score 5.6
Exploits: 0
CNNVD
added 2026/01/08 12:0 a.m. | 1 views

WordPress plugin eHive Search security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 7.1 | AI score 6 | EPSS 0.00025
Exploits: 0 | References: 1
OSV
added 2026/01/07 3:12 p.m. | 6 views

CLSA-2026-1767798754 expat: Fix of 3 CVEs

Rebase to version 2.5.0 - CVE-2024-28757: prevent billion laughs attacks in isolated external parser part of 839, reject direct parameter entity recursion part of 839 - CVE-2025-59375: fix memory amplification and add allocation tracker - CVE-2013-0340: properly handle entities expansion...

CVSS 7.5 | AI score 6.7 | EPSS 0.01195
Exploits: 3 | References: 1
Positive Technologies
added 2025/09/20 12:0 a.m. | 2 views

PT-2025-38628

Name of the Vulnerable Software and Affected Versions: ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress versions prior to 2.5.1. Description: The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link...

CVSS 4.9 | AI score 6.9 | EPSS 0.00051
Exploits: 0 | References: 5
OSV
added 2025/08/01 1:3 p.m. | 3 views

OESA-2025-1958 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in ...

CVSS 6.1 | AI score 6.9 | EPSS 0.00079
Exploits: 1 | References: 2
Cvelist
added 2025/05/23 12:44 p.m. | 16 views

CVE-2025-31636 WordPress WP Post Modules for Elementor plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SaurabhSharma WP Post Modules for Elementor wp-post-modules-el allows Reflected XSS. This issue affects WP Post Modules for Elementor: from n/a through <= 2.5.0...

CVSS 7.1 | EPSS 0.00185
Exploits: 0 | References: 1
OSV
added 2025/03/06 12:31 a.m. | 1 views

GHSA-P34J-R3CH-C985 Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...

CVSS 4.3 | AI score 6.9 | EPSS 0.00717
Exploits: 0 | References: 4
CNNVD
added 2023/07/26 12:0 a.m. | 2 views

PaddlePaddle resource management error vulnerability

PaddlePaddle is an independent R&D deep learning platform open-sourced by China's PaddlePaddle. A security vulnerability exists in PaddlePaddle versions prior to 2.5.0, which stems from a Use after free vulnerability. An attacker could use this vulnerability to perform unauthorized operations or...

CVSS 9.8 | AI score 8.4 | EPSS 0.00387
Exploits: 1 | References: 2
SUSE CVE
added 2023/02/15 3:43 a.m. | 2 views

SUSE CVE-2021-29543

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.CTCGreedyDecoder. This is because the...

CVSS 5.5 | AI score 5.4 | EPSS 0.00009
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 3:42 a.m. | 1 views

SUSE CVE-2021-29611

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

CVSS 5.5 | AI score 5.5 | EPSS 0.00009
Exploits: 1 | References: 3
OSV
added 2021/05/14 8:15 p.m. | 2 views

PYSEC-2021-671

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in converting sparse tensors to CSR Sparse matrices. This is because the...

CVSS 5.5 | AI score 5.9 | EPSS 0.00009
Exploits: 1 | References: 2
PyPA
added 2021/05/14 8:15 p.m. | 7 views

PYSEC-2021-444

TensorFlow is an end-to-end open source platform for machine learning. Calling tf.raw_ops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...

CVSS 5.5 | AI score 6.9 | EPSS 0.0001
Exploits: 1 | References: 2 | Affected Software: 1
Debian CVE
added 2021/05/14 7:12 p.m. | 2 views

CVE-2021-29527

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.QuantizedConv2D. This is because the...

CVSS 5.5 | AI score 7 | EPSS 0.00009
Exploits: 1
CNVD
added 2018/05/23 12:0 a.m. | 2 views

radare2 denial of service vulnerability (CNVD-2018-12201)

Radare2 is a complete framework for reverse engineering and analyzing binaries, consisting of a series of small utilities that can be used together or independently of the command line. A denial of service vulnerability exists in the r_read_le32 function in radare2 2.5.0. A remote attacker can...

CVSS 5.5 | AI score 5.7 | EPSS 0.00248
Exploits: 0 | References: 1