
37 matches found

CNNVD
added 2026/06/11 12:0 a.m. | 14 views

Axios security vulnerability

Axios is an open-source HTTP client developed by Axios. Versions 1.7.0 to 1.15.x of Axios contain security vulnerabilities. These vulnerabilities stem from the lack of enforcement of request and response size limits when using the fetch adapter, which may lead to resource exhaustion...

CVSS 7.5 | AI score 5.2 | EPSS 0.00344
Exploits: 1 | References: 2

OSV
added 2026/04/01 10:0 a.m. | 7 views

CLEANSTART-2026-LZ54652 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729 applied in versions: 1.7.0-r0, 1.7.1-r0

Multiple security vulnerabilities affect the vault-k8s package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5 | AI score 6.8 | EPSS 0.00586
Exploits: 2 | References: 19

RedhatCVE
added 2026/02/21 7:26 a.m. | 4 views

CVE-2026-26993

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG or other active content formats such as HTML...

CVSS 5.4 | AI score 5.7 | EPSS 0.0028
Exploits: 1 | References: 1

Cvelist
added 2026/02/06 10:55 p.m. | 27 views

CVE-2026-25793 Nebula Has Possible Blocklist Bypass via ECDSA Signature Malleability

Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates, which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of th...

CVSS 7.6 | EPSS 0.00133
Exploits: 0 | References: 2

CNNVD
added 2026/02/03 12:0 a.m. | 6 views

WordPress plugin WP Sync for Notion security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 4.3 | AI score 5.8 | EPSS 0.00152
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/12 12:0 a.m. | 4 views

PT-2026-2313

Name of the Vulnerable Software and Affected Versions: Termix versions 1.7.0 through 1.9.0. Description: Termix is a web-based server management platform offering SSH terminal, tunneling, and file editing features. A Stored Cross-Site Scripting (XSS) issue exists in the Termix File Manager component d...

CVSS 8 | AI score 5.6 | EPSS 0.00172
Exploits: 2 | References: 4

Cvelist
added 2025/12/09 5:41 p.m. | 19 views

CVE-2025-64784 DNG SDK | Heap-based Buffer Overflow (CWE-122)

DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user...

CVSS 7.1 | EPSS 0.00165
Exploits: 2 | References: 1

Cvelist
added 2025/12/09 5:41 p.m. | 18 views

CVE-2025-64894 DNG SDK | Integer Overflow or Wraparound (CWE-190)

DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this issue to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction ...

CVSS 5.5 | EPSS 0.00141
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/09 5:41 p.m. | 4 views

CVE-2025-64894 DNG SDK | Integer Overflow or Wraparound (CWE-190)

DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this issue to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction ...

CVSS 5.5 | AI score 6.2 | EPSS 0.00141
Exploits: 0 | References: 1

Cvelist
added 2025/11/18 10:10 p.m. | 9 views

CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write

KubeVirt is a virtual machine management add-on for Kubernetes. The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the DiskOrCreate...

CVSS 8.5 | EPSS 0.00207
Exploits: 1 | References: 4

OSV
added 2025/11/18 10:10 p.m. | 7 views

CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write

KubeVirt is a virtual machine management add-on for Kubernetes. The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the DiskOrCreate...

CVSS 8.5 | AI score 6.7 | EPSS 0.00207
Exploits: 1 | References: 7

Github Security Blog
added 2025/11/12 6:31 p.m. | 8 views

jose2go is vulnerable to a JWT bomb attack through its decode function

An issue was discovered in dvsekhvalnov jose2go 1.5.0 through 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via a crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...

CVSS 7.5 | AI score 6.9 | EPSS 0.00236
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/10/22 12:0 a.m. | 3 views

PT-2025-43245

Name of the Vulnerable Software and Affected Versions: Zippy versions through 1.7.0. Description: The software contains a flaw related to unrestricted file uploads, allowing the use of malicious files. This could potentially allow an attacker to compromise the system. Recommendations: Update to a...

CVSS 9.1 | AI score 6.6 | EPSS 0.0043
Exploits: 0 | References: 4

RedhatCVE
added 2025/08/30 6:17 p.m. | 4 views

CVE-2025-54725

Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo golo allows Authentication Abuse. This issue affects Golo: from n/a through = 1.7.0...

CVSS 9.8 | AI score 5.9 | EPSS 0.00397
Exploits: 0 | References: 1

OSV
added 2025/04/28 11:15 p.m. | 5 views

AZL-61501 CVE-2025-46327 affecting package telegraf 1.29.4-21

gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3 are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and...

CVSS 7 | AI score 7.2 | EPSS 0.00111
Exploits: 0 | References: 1

AlpineLinux
added 2024/11/26 11:16 a.m. | 5 views

CVE-2024-47249

Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects...

CVSS 5 | AI score 7.5 | EPSS 0.00597
Exploits: 0 | References: 3

CNNVD
added 2024/09/17 12:0 a.m. | 5 views

WordPress plugin Kahuna cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

CVSS 6.5 | AI score 6.1 | EPSS 0.00274
Exploits: 0 | References: 3

Patchstack
added 2024/08/29 12:9 p.m. | 6 views

WordPress Kahuna theme <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Theme Kahuna versions <= 1.7.0...

CVSS 6.5 | AI score 6.1 | EPSS 0.00274
Exploits: 0 | Affected Software: 1

vulnersOsv
added 2024/07/17 3:52 p.m. | 3 views

dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)

dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: OSV:GHSA-P3F3-5CCG-83XQ...

CVSS 7.8 | AI score 5.8 | EPSS 0.00372
Exploits: 1

vulnersOsv
added 2023/12/08 3:38 p.m. | 8 views

dagster-dbt (>=0.20.5 <=0.23.6), dbt-af (>=0.4.1 <=0.4.2) +53 more potentially affected by unknown CVE via dbt-core (>=1.7.0 <=1.7.2)

dbt-core PYPI version =1.7.0, =0.20.5, =0.4.1, =1.7.0, =1.7.0, =1.7.1, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.0.0, =1.7.0, =1.7.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-J4G3-3Q8X-JXQP...

AI score 5.8
Exploits: 0