
23 matches found

vulnersOsv
added 2026/05/18 9:0 p.m., 2 views

@antv/l7 (>=2.1.13 <=2.25.10), @antv/l7-component (>=2.21.4 <=2.25.10) +8 more potentially affected by unknown CVE via @antv/l7-maps (>=2.10.0 <=2.25.9)

@antv/l7-maps NPM version =2.10.0, =2.1.13, =2.21.4, =2.1.13, =2.10.0, =2.10.0, =2.1.13, =2.1.13, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7MAPS-16755004...

5.5 AI score
Exploits: 0
vulnersOsv
added 2026/05/14 6:26 p.m., 4 views

@_sh/strapi-plugin-ckeditor (>=5.0.2 <=7.1.1), @a.agiir/cinny (>=0.0.1 <=0.0.2) +1247 more potentially affected by CVE-2026-44990 via sanitize-html (>=2.10.0 <=2.17.3)

sanitize-html NPM version =2.10.0, =5.0.2, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.8, =0.6.2-alpha.0, =0.7.3, =0.6.2-alpha.0, =0.6.2-alpha.0, =0.6.2-alpha.0, =0.8.21 and more Source cves: CVE-2026-44990 Source advisory: SNYK:JS-SANITIZEHTML-16697325...

5.4 AI score, 0.00064 EPSS
Exploits: 0
CVE
added 2026/05/02 5:29 a.m., 11 views

CVE-2026-5110

The Gravity Forms WordPress plugin (versions

7.2 CVSS, 6 AI score, 0.00021 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/05/02 5:29 a.m., 2 views

CVE-2026-5110 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...

7.2 CVSS, 6 AI score, 0.00021 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/03/07 12:0 a.m., 3 views

Caddy data forgery vulnerability

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy 2.10.0 to 2.11.2 had a data manipulation vulnerability. This vulnerability stemmed from the forward_auth copy_headers function not stripping the headers provided by the client, which could lead...

8.8 CVSS, 7.2 AI score, 0.00023 EPSS
Exploits: 1, References: 4
CNNVD
added 2026/01/08 12:0 a.m., 2 views

NiceGUI security vulnerability

NiceGUI is an easy-to-use, Python-based UI framework open-sourced by NiceGUI. A security vulnerability exists in NiceGUI versions v2.10.0 through 3.4.1, which originates from an unauthenticated attacker who can exhaust Redis connections, potentially resulting in a service degradation...

5.3 CVSS, 6.6 AI score, 0.00021 EPSS
Exploits: 1, References: 4
vulnersOsv
added 2025/12/23 9:50 p.m., 1 view

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11304 more potentially affected by CVE-2025-14929 via transformers (>=2.10.0 <=5.9.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14929 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564275...

7.8 CVSS, 7.2 AI score, 0.00234 EPSS
Exploits: 0
vulnersOsv
added 2025/12/23 9:15 p.m., 2 views

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3829 more potentially affected by CVE-2025-14929 via transformers (>=2.10.0 <=4.9.2)

transformers PYPI version =2.10.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14929 Source advisory:...

7.8 CVSS, 7.2 AI score, 0.00234 EPSS
Exploits: 0
Cvelist
added 2025/11/19 4:2 p.m., 8 views

CVE-2025-65024 i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...

7.2 CVSS, 0.00045 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/16 5:16 p.m., 4 views

EUVD-2025-34793

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

7.1 CVSS, 6.3 AI score, 0.00067 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/09/11 12:0 a.m., 1 view

Multiple IBM products security vulnerability

IBM Fusion and others are a hybrid cloud application data platform from International Business Machines IBM. A security vulnerability exists in various IBM products that stems from the use of insecure default configurations that could lead to an attacker performing unauthorized operations. The...

9.8 CVSS, 6.3 AI score, 0.0004 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/15 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-3392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request that does not dequeue the request...

3.2 CVSS, 6.1 AI score, 0.00173 EPSS
Exploits: 1, References: 2
vulnersOsv
added 2025/07/11 12:30 p.m., 2 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1817 more potentially affected by CVE-2025-3933 via transformers (>=2.10.0 <=4.52.0)

transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3933 Source advisory: OSV:GHSA-37MW-44QP-F5JM...

5.3 CVSS, 5.8 AI score, 0.00088 EPSS
Exploits: 1
Tenable Nessus
added 2024/12/10 12:0 a.m., 8 views

GeoServer 2.10.0 < 2.24.4 Sensitive Information Exposure

According to its banner, the version of GeoServer running on the remote host is 2.10.0 prior to 2.24.4 or 2.25.x prior to 2.25.1. It is, therefore, affected by a Sensitive Information Exposure. Note that the scanner has not tested for these issues but has instead relied only on the application's...

4.9 CVSS, 7.3 AI score, 0.00402 EPSS
Exploits: 0, References: 2
vulnersOsv
added 2024/08/27 6:14 p.m., 4 views

@apollo/gateway (>=2.0.0 <=2.14.0), @dfanchon/gateway (=2.11.0) +68 more potentially affected by CVE-2024-43414 via @apollo/query-planner (>=2.10.0-alpha.0 <=2.8.4)

@apollo/query-planner NPM version =2.10.0-alpha.0, =2.0.0, =0.0.2-beta.4, =1.0.52, =1.7.3, =3.0.5, =3.0.4, =0.2.0, =0.11.46, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =8.6.7, =11.5.0 and more Source cves: CVE-2024-43414 Source advisory: OSV:GHSA-FMJ9-77Q8-G6C4...

7.5 CVSS, 5.4 AI score, 0.00187 EPSS
Exploits: 1
CNNVD
added 2024/06/10 12:0 a.m., 2 views

Harbor Security Breach

Harbor is an open source registry from Harbor Open Source. Artifacts are protected through policies and role-based access control, ensuring that images are scanned and are not vulnerable, and signing images as trusted. A security vulnerability exists in Harbor v2.8.4, v2.9.2, and v2.10.0 and...

6.1 CVSS, 6.6 AI score, 0.00442 EPSS
Exploits: 0, References: 2
Debian CVE
added 2023/08/11 1:12 p.m., 19 views

CVE-2023-39534

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this iss...

7.5 CVSS, 7.4 AI score, 0.00118 EPSS
Exploits: 0
SUSE CVE
added 2023/02/15 3:49 a.m., 1 view

SUSE CVE-2021-3392

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU...

3.2 CVSS, 6.9 AI score, 0.00173 EPSS
Exploits: 1, References: 3
NVD
added 2022/09/16 10:15 p.m., 16 views

CVE-2022-35981

TensorFlow is an open source platform for machine learning. FractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack. We have patched the issue in GitHu...

7.5 CVSS, 0.00064 EPSS
Exploits: 0, References: 2
vulnersOsv
added 2022/05/13 1:26 a.m., 3 views

com.catify.bpmn:bpmn-engine-dist-jpa-camel (=1.1), com.catify.bpmn:integration-spi-camel (=1.1) +320 more potentially affected by CVE-2013-4330 via org.apache.camel:camel-core (>=2.10.0 <=2.10.6)

org.apache.camel:camel-core MAVEN version =2.10.0, =0.3.4, =5.8.0-NESS-1, =1.5.1, =1.6.0 and more Source cves: CVE-2013-4330 Source advisory: OSV:GHSA-X9FV-C87W-55WC...

6.8 CVSS, 7.2 AI score, 0.18012 EPSS
Exploits: 0