13 matches found
GHSA-W37P-236H-PFX3 Compromise of PyTorch Lightning PyPi Package Versions
Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484 We have identified a security incident affecting certain versions of one of our PyPI packages. What happened We have determined that one or more...
CVE-2026-39702
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...
EUVD-2026-21690
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
Security Bulletin: NVIDIA NeMo Framework - February 2026
NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.6.1 or later from NVIDIA/NeMo Framework on NVIDIA GitHub or pypi. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilitie...
CVE-2025-62984
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through = 2.6.1...
JLSEC-2025-61 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external ...
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate...
WordPress WP-Player plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin WP-Player versions = 2.6.1...
WordPress plugin Custom Field Template security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Denial of Service (DoS)
Overview muhammara is a Create, read and modify PDF files and streams. A drop in replacement for hummusjs PDF library Affected versions of this package are vulnerable to Denial of Service DoS when supplied with a maliciously crafted PDF file to be parsed. PoC js var pdfReader =...
UBUNTU-CVE-2022-0577
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...
CVE-2021-41208
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...
VulnCheck KEV: CVE-2020-36719
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated...
jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...