Unity Linux 20.1070e Security Update: infinispan (UTSA-2026-016719)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016719 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1070e Security Update: wildfly-core (UTSA-2026-016736)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016736 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

Unity Linux 20.1070e Security Update: netty (UTSA-2026-016738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016738 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

ai.platon.pulsar:pulsar-persist (>=1.9.0 <=1.10.23), be.eliwan:eoddata-client (=1.0) +2592 more potentially affected by CVE-2026-42402 via org.apache.neethi:neethi (>=2.0 <=3.2.1)

org.apache.neethi:neethi MAVEN version =2.0, =1.9.0, =1.1.7, =1.1.9, =1.2.5, =3.00.4, =3.00.3, =4.00.10, =11.4-37, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE and more Source cves: CVE-2026-42402 Source advisory: OSV:GHSA-G36M-9G3M-2VMP...

K000160700: Log4J vulnerability CVE-2025-68161

Security Advisory Description The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https:// logging.apache . org/log4j/2.x/manual/appenders/network...

@tinacms/app (>=0.0.0-0a1049d-20260309051347 <=2.4.0), @tinacms/cli (>=0.0.0-0a1049d-20260309051347 <=2.2.0) +4 more potentially affected by CVE-2026-34603 via @tinacms/graphql (>=2.0.0 <=2.2.1)

@tinacms/graphql NPM version =2.0.0, =0.0.0-0a1049d-20260309051347, =0.0.0-0a1049d-20260309051347, =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0a1049d-20260309051347, =0.0.0-0a1049d-20260309051347, =3.7.0 Source cves: CVE-2026-34603 Source advisory: SNYK:JS-TINACMSGRAPHQL-15870346...

CVE-2025-13778

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

CVE-2025-13778 Device Reboot Control

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4381 more potentially affected by CVE-2026-2492 via tensorflow (>=2.0.0 <=2.21.0)

tensorflow PYPI version =2.0.0, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 - academic-emotion =0.1.2 and more Source cves: CVE-2026-2492 Source advisory: SNYK:PYTHON-TENSORFLOW-15325644...

WordPress plugin Client Testimonial Slider 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress UserPlus plugin <= 2.0 - Missing Authorization via Multiple Functions vulnerability

Missing Authorization via Multiple Functions vulnerability discovered by István Márton - Wordfence in WordPress Plugin UserPlus versions = 2.0...

WordPress Bit Form plugin 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection vulnerability

WordPress Bit Form plugin 2.0 - 2.13.9 - Authenticated Administrator+ SQL Injection vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit Form versions 2.0-2.13.9...

MiracleLinux 3 : dovecot-1.0.7-7.1.0.1.AXS3 (AXSA:2011-295:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-295:01 advisory. Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in eith...

CVE-2025-65471

CVE-2025-65471 affects EasyImages 2.0 up to v2.8.6, with an arbitrary file upload in /admin/manager.php that can lead to remote code execution via a crafted PHP upload. Root cause described as improper file upload handling. Public references from multiple feeds confirm the vulnerability; PT-Secur...

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), au.com.versent.jenkins.plugins:ignore-committer-strategy (>=55.v51410e712e0c <=57.v0756db_b_f6926) +621 more potentially affected by CVE-2025-67638 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.528.2)

org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =55.v51410e712e0c, =4.1.0.506.v619d63bec9d8, =66.v12c841920f7d, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =1.281.v331e3f5a05a9, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =1.0.6 and more...

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:common-types-module (=3.4.0) +152 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-applib (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.core:causeway-applib MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-applib and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...

GatesAir Flexiva-LX Series 安全漏洞

The GatesAir Flexiva-LX Series is a series of solid-state FM transmitters from GatesAir USA. A security vulnerability exists in the GatesAir Flexiva-LX Series versions 1.0.13 and 2.0 that originates from a publicly accessible log file exposing sensitive session identifiers, which could lead to...

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.

...

EUVD-2025-36531

IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to improper neutralization of log input...

WordPress plugin Disable Content Editor For Specific Template 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...