
20 matches found

Positive Technologies
added 2026/05/07 12:0 a.m. · 13 views

PT-2026-38407

Name of the Vulnerable Software and Affected Versions: PyTorch Lightning versions 2.6.2 through 2.6.3 Description: PyTorch Lightning, a deep learning framework used to pretrain and finetune AI models, contains compromised versions that include malicious code. This code introduces functionality...

9.8 CVSS · 5.8 AI score · 0.00313 EPSS
Exploits 0 · References 5
CVE
added 2026/03/20 4:21 p.m. · 12 views

CVE-2025-62845

CVE-2025-62845 describes an improper neutralization of escape, meta, or control sequences affecting QHora devices. The root cause is not elaborated beyond that description in the provided sources, but the vulnerability is triggered when a local attacker with administrator privileges can cause abn...

8.4 CVSS · 5.8 AI score · 0.00184 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2026/03/20 12:0 a.m. · 4 views

PT-2026-26633

Name of the Vulnerable Software and Affected Versions: QHora versions prior to 2.6.3.009 Description: An issue exists in QHora where an improper restriction of communication channels to intended endpoints can allow an attacker with physical access to gain elevated privileges. The issue was exploite...

4.2 CVSS · 5.8 AI score · 0.00281 EPSS
Exploits 0 · References 8
Tenable Nessus
added 2026/03/10 12:0 a.m. · 3 views

EulerOS 2.0 SP13 : python-urllib3 (EulerOS-SA-2026-1295)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by...

8.9 CVSS · 6.1 AI score · 0.00533 EPSS
Exploits 0 · References 4
RedHat Linux
added 2026/02/03 7:25 a.m. · 3 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9 CVSS · 5.8 AI score · 0.00524 EPSS
Exploits 0 · References 6
RedHat Linux
added 2026/02/02 1:17 a.m. · 3 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9 CVSS · 5.8 AI score · 0.00524 EPSS
Exploits 0 · References 6
OSV
added 2026/01/07 10:9 p.m. · 4 views

CVE-2026-21441 urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9 CVSS · 6.1 AI score · 0.00524 EPSS
Exploits 0 · References 5
OSV
added 2026/01/07 7:18 p.m. · 1 views

GHSA-38JV-5279-WG99 Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

Impact: urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip,...

8.9 CVSS · 6.8 AI score · 0.00524 EPSS
Exploits 0 · References 5
Vulnrichment
added 2025/11/21 8:28 a.m. · 6 views

CVE-2025-11973 简数采集器 <= 2.6.3 - Authenticated (Admin+) Arbitrary File Read

The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the kdsflag functionality that imports featured images. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitra...

4.9 CVSS · 5.5 AI score · 0.0028 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/09/21 4:30 a.m. · 4 views

CVE-2025-8487

The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-lev...

5.4 CVSS · 5 AI score · 0.00244 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 5:23 p.m. · 1 views

CVE-2020-11091

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...

9.3 CVSS · 6.5 AI score · 0.14555 EPSS
Exploits 0 · References 1
CNNVD
added 2025/01/28 12:0 a.m. · 3 views

Red Hat OpenShift Service Mesh Environment Issue Vulnerability

Red Hat OpenShift Service Mesh is a suite of platforms for connecting, managing, and monitoring microservices-based applications from Red Hat USA. An environment issue vulnerability exists in Red Hat OpenShift Service Mesh versions 2.6.3 and 2.5.6, which stems from incorrect HTTP header handling ...

6.3 CVSS · 6.6 AI score · 0.00379 EPSS
Exploits 0 · References 2
CNNVD
added 2024/06/17 12:0 a.m. · 3 views

RockOA Cross-Site Scripting Vulnerability

RockOA Xinhu is an open source office OA system. A cross-site scripting vulnerability exists in Xinhu RockOA v2.6.3, which originates from a cross-site scripting vulnerability in the num parameter on /flow/flow.php...

6.1 CVSS · 6.2 AI score · 0.0027 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/04/24 12:0 a.m. · 3 views

PT-2024-24809 · Elementor · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit versions through 2.6.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions...

6.5 CVSS · 6.1 AI score · 0.00408 EPSS
Exploits 0 · References 3
CNNVD
added 2024/04/03 12:0 a.m. · 3 views

WordPress plugin Jeg Elementor Kit Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.4 CVSS · 8 AI score · 0.00323 EPSS
Exploits 0 · References 3
CNNVD
added 2024/02/05 12:0 a.m. · 3 views

WordPress plugin Index Now security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

8.8 CVSS · 8.7 AI score · 0.00266 EPSS
Exploits 0 · References 3
CNNVD
added 2023/08/06 12:0 a.m. · 2 views

Cockpit Security Vulnerabilities

Cockpit is an interactive server management interface. A security vulnerability exists in cockpit version 2.6.3, which stems from the presence of a PHP remote file inclusion vulnerability...

9.9 CVSS · 7 AI score · 0.00787 EPSS
Exploits 1 · References 3
OSV
added 2023/04/28 3:15 p.m. · 2 views

CVE-2023-29815

mccms v2.6.3 is vulnerable to Cross-Site Request Forgery (CSRF)...

8.8 CVSS · 7.3 AI score · 0.00295 EPSS
Exploits 1 · References 1
SUSE CVE
added 2023/02/15 3:29 a.m. · 4 views

SUSE CVE-2022-21729

Tensorflow is an Open Source Machine Learning Framework. The implementation of UnravelIndex is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlo...

6.5 CVSS · 6.6 AI score · 0.00771 EPSS
Exploits 1 · References 3
CNVD
added 2017/08/21 12:0 a.m. · 2 views

ToMAX R60G Cross-Site Request Forgery Vulnerability

The ToMAX R60G is an enterprise router device from China's Xinghongwang Technology ToMAX. A cross-site request forgery vulnerability exists in the ToMAX R60G V2-V2.0-v.2.6.3-170330 version. A remote attacker can exploit this vulnerability to perform unauthorized operations...

8.8 CVSS · 8.8 AI score · 0.00605 EPSS
Exploits 1 · References 1