105 matches found
JimuReport code injection vulnerability
JimuReport is a free reporting tool developed by JEECG in China. Versions of JimuReport 2.3.0 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter dbUrl in the DriverManager.getConnection function within the Data Source Handler...
CVE-2026-39670 WordPress Visual Link Preview plugin <= 2.3.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery. This issue affects Visual Link Preview: from n/a through <= 2.3.0...
PT-2026-31232
CVE-2026-39670 Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery. This issue affects Visual Link P… https://t.co/gG1042ZMnD...
UBUNTU-CVE-2026-33347
league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...
CVE-2026-33347
Summary: CVE-2026-33347 affects league/commonmark’s Embed extension DomainFilteringAdapter. A missing hostname boundary assertion in the domain-matching regex allows an attacker-controlled domain (e.g., youtube.com.evil) to bypass the allowlist, potentially treating untrusted content as allowed. ...
CVE-2026-33347 league/commonmark has an embed extension allowed_domains bypass
league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...
EUVD-2023-27815
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0...
GrandNode race condition vulnerability
GrandNode is an open source, cross-platform e-commerce solution based on ASP.NET Core and MongoDB. A race condition vulnerability exists in GrandNode 2.3.0 and earlier versions, which stems from a race condition due to incorrect manipulation of the...
org.apache.seatunnel:connector-console-seatunnel-e2e (>=2.3.0 <=2.3.10), org.apache.seatunnel:connector-seatunnel-e2e-base (>=2.3.0 <=2.3.10) +2 more potentially affected by CVE-2025-32896 via org.apache.seatunnel:seatunnel-engine-server (>=2.3.0 <=2.3.10)
org.apache.seatunnel:seatunnel-engine-server MAVEN version =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.10 - org.apache.seatunnel:seatunnel-engine-k8s-e2e =2.3.10 Source cves: CVE-2025-32896 Source advisory: SNYK:JAVA-ORGAPACHESEATUNNEL-10442152...
org.apache.linkis:linkis-engineplugin-seatunnel (>=1.4.0 <=1.8.0), org.apache.seatunnel:connector-console-seatunnel-e2e (>=2.3.0 <=2.3.10) +6 more potentially affected by CVE-2025-32896 via org.apache.seatunnel:seatunnel-engine-common (>=2.3.0-beta <=2.3.10)
org.apache.seatunnel:seatunnel-engine-common MAVEN version =2.3.0-beta, =1.4.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.10 Source cves: CVE-2025-32896 Source advisory: SNYK:JAVA-ORGAPACHESEATUNNEL-10442151...
ai.tripl:arc-kafka-pipeline-plugin_2.12 (>=1.3.0 <=1.15.1), cn.buli-home:MustardTools (>=0.0.1 <=0.2.8) +220 more potentially affected by CVE-2025-27818 via org.apache.kafka:kafka_2.12 (>=2.3.0 <=3.9.0)
org.apache.kafka:kafka_2.12 MAVEN version =2.3.0, =1.3.0, =0.0.1, =0.3.0, =6.0.1, =6.0.1, =6.0.1, =6.0.1, =6.0.1, =5.9.3, =5.5.7, =5.6.0, =0.4.1, =2.3, =2.3, =1.3.2, =1.4.5 and more Source cves: CVE-2025-27818 Source advisory: OSV:GHSA-76QP-H5MR-FRR4...
CVE-2023-23735
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection. This issue affects Spectra: from n/a through 2.3.0...
biz.eyebeam.mssc:mssc-public-bom (>=1.0.1 <=1.0.12), br.com.faroltech:mssc-brewery-bom (>=1.0.3 <=1.0.5) +922 more potentially affected by CVE-2025-27391 via org.apache.activemq:artemis-core-client (>=1.5.1 <=2.3.0)
org.apache.activemq:artemis-core-client MAVEN version =1.5.1, =1.0.1, =1.0.3, =5.0.9, =6.0.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =1.0.3, =1.0.7364, =1.6, =1.1, =0.1.19, =0.2.5 and more Source cves: CVE-2025-27391 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-9689863...
PT-2024-12003 · Brainstorm Force · Spectra
Name of the Vulnerable Software and Affected Versions: Brainstorm Force Spectra versions through 2.3.0. Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through...
CVE-2023-23730
Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass. This issue affects Spectra: from n/a through 2.3.0...
WordPress Wholesale For WooCommerce plugin <= 2.3.1 - Unauthenticated Arbitrary Post/Page vulnerability
Unauthenticated Arbitrary Post/Page vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Wholesale For WooCommerce versions = 2.3.0...
@armiasystems/react-native-armia-chat-sdk (>=1.0.8 <=1.0.9), @kafudev/react-native-core (>=1.0.1 <=1.0.4) +42 more potentially affected by CVE-2024-25466 via react-native-document-picker (>=2.3.0 <=8.2.0)
react-native-document-picker NPM version =2.3.0, =1.0.8, =1.0.1, =0.64.1-beta.46, =0.5.0, =0.0.8, =0.0.14, =0.0.186, =0.0.5, =2.46.0, =1.0.0, =0.0.24, =0.0.1, =1.1.12 - abc123efgh =1.0.0 and more Source cves: CVE-2024-25466 Source advisory: OSV:GHSA-PMGM-H3CC-M4HJ...
PT-2024-14253 · Airflow · Airflow
Name of the Vulnerable Software and Affected Versions: Airflow versions 5.2.0 through 6.x; Airflow versions 2.3.0 through 2.6.0. Description: The Airflow worker serializes a Kubernetes configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption...
com.cybersource:cybersource-sdk-java (>=6.2.12 <=6.2.13), com.github.zuinnote:hadoopoffice-flinkts_2.11 (>=1.6.3 <=1.6.4) +363 more potentially affected by CVE-2023-44483 via org.apache.santuario:xmlsec (>=2.3.0 <=2.3.3)
org.apache.santuario:xmlsec MAVEN version =2.3.0, =6.2.12, =1.6.3, =1.6.3, =1.6.3, =1.6.3, =2.1.0, =6.0.0, =5.1.4, =2021.11.24, =2021.11.24, =2021.11.24, =2021.11.24, =2021.11.24, =0.2.1, =0.2.15 and more Source cves: CVE-2023-44483 Source advisory: OSV:GHSA-XFRJ-6VVC-3XM2...
Broadcom Brocade SANnav security vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Brocade SANnav versions prior to v2.3.0 and v2.2.2a, which stems from a Brocade SANnav log file that could lead to information disclosure, where sensitive fields are recorded in...