5gasp-cli (>=0.1.0 <=0.4.0), aia-read-svc (>=0.5.1 <=0.6.2) +394 more potentially affected by CVE-2026-34591 via poetry (>=1.4.0 <=2.3.2)

poetry PYPI version =1.4.0, =0.1.0, =0.5.1, =2023.2.21, =0.2.0rc3, =0.1.0, =0.1.1, =0.6.0.68, =0.0.1, =0.1.0rc7, =0.0.2, =0.0.3 and more Source cves: CVE-2026-34591 Source advisory: OSV:GHSA-2599-H6XX-HPXP...

CLEANSTART-2026-HX97842 Security fixes for CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-54410, CVE-2025-58181, CVE-2025-58190, CVE-2025-61727, CVE-2025-61729, CVE-2025-68121, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 2.2.2-r6, 2.3.2-r4, 2.4.4-r2, 2.5.0-r0, 2.5.0-r1

Multiple security vulnerabilities affect the openbao-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2025-49393 WordPress Sign-up Sheets Plugin <= 2.3.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection.This issue affects Sign-up Sheets: from n/a through = 2.3.2...

CVE-2025-57753 vite-plugin-static-copy files not included in `src` are accessible with a crafted request

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...

CVE-2025-57753 vite-plugin-static-copy files not included in `src` are accessible with a crafted request

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...

GO-2025-3855 OpenBao Userpass and LDAP User Lockout Bypass in github.com/openbao/openbao

OpenBao Userpass and LDAP User Lockout Bypass in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

WordPress CF7 Spreadsheets Plugin <= 2.3.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin CF7 Spreadsheets versions = 2.3.2...

PT-2024-19033 · WordPress · Wp Ultimate Review

Name of the Vulnerable Software and Affected Versions: Wp Ultimate Review versions 2.3.2 and earlier Description: The issue is related to an Authentication Bypass by Spoofing vulnerability, allowing functionality bypass. Recommendations: For versions 2.3.2 and earlier, update to a version later...

RockOA Authorization Issues Vulnerability

RockOA Xinhu is an open source office OA system. An authorization issue vulnerability exists in Xinhu RockOA version 1.1, version 2.3.2, and version 15.X3amdi. An attacker could exploit this vulnerability to cause weak password recovery...

PT-2023-28028 · Groundhogg · Hollerbox Plugin

Name of the Vulnerable Software and Affected Versions: Groundhogg Inc. HollerBox plugin versions = 2.3.2 Description: The issue is related to an Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with administrative access can inject malicious scripts...

PT-2023-19041 · Stormshield · Stormshield Endpoint Security

Name of the Vulnerable Software and Affected Versions: Stormshield Endpoint Security versions 2.3.0 through 2.3.2 Description: The issue allows authenticated users to read sensitive information due to incorrect access control. Recommendations: For versions 2.3.0 through 2.3.2, update to a version...

SUSE CVE-2023-30861

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...

abi-ds-utils (=1.0.1), airflow-add-ons (=0.2.9b1) +4 more potentially affected by CVE-2022-40604 via apache-airflow (>=2.3.2 <=2.4.0)

apache-airflow PYPI version =2.3.2, =0.1.0, =0.1.0, =0.10.0.1 Source cves: CVE-2022-40604 Source advisory: OSV:GHSA-5RP4-749P-VX26...

abi-ds-utils (=1.0.1), airflow-add-ons (=0.2.9b1) +4 more potentially affected by CVE-2022-40604 via apache-airflow (>=2.3.2 <=2.4.0)

apache-airflow PYPI version =2.3.2, =0.1.0, =0.1.0, =0.10.0.1 Source cves: CVE-2022-40604 Source advisory: OSV:PYSEC-2022-279...

PT-2022-13712 · WordPress · Ultimate Member

Name of the Vulnerable Software and Affected Versions: The Ultimate Member plugin for WordPress versions up to, and including, 2.3.2 Description: The issue is related to Stored Cross-Site Scripting via the Biography field on individual user profile pages. This is due to insufficient input...

CVE-2022-27043

Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directory Traversal...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2021-37688 via tensorflow-gpu (>=1.10.1 <=2.3.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-37688 Source advisory: OSV:GHSA-VCJJ-9VG7-VF68...

accuinsight (>=1.0.62 <=3.0.0rc2), adapt-diagnostics (>=1.2.0 <=1.6.0) +109 more potentially affected by CVE-2021-37671 via tensorflow (>=2.3.0 <=2.3.2)

tensorflow PYPI version =2.3.0, =1.0.62, =1.2.0, =0.1.0, =0.0.1a0, =0.0.1, =1.0.0rc1, =20210206.0.0, =0.1.0.dev1, =0.2.4, =1.0.1.0, =1.0.3 - cardec-cite =1.1.0 and more Source cves: CVE-2021-37671 Source advisory: OSV:PYSEC-2021-293...

GD Graphics Library 缓冲区错误漏洞

LibGD is an open source library for programmers to dynamically create images. an out-of-bounds read vulnerability exists in LibGD 2.3.2 and earlier. An attacker can exploit the vulnerability to cause a denial of service via specially crafted TGA files...

accuinsight (>=1.0.62 <=3.0.0rc2), adapt-diagnostics (>=1.2.0 <=1.6.0) +109 more potentially affected by CVE-2021-29577 via tensorflow (>=2.3.0 <=2.3.2)

tensorflow PYPI version =2.3.0, =1.0.62, =1.2.0, =0.1.0, =0.0.1a0, =0.0.1, =1.0.0rc1, =20210206.0.0, =0.1.0.dev1, =0.2.4, =1.0.1.0, =1.0.3 - cardec-cite =1.1.0 and more Source cves: CVE-2021-29577 Source advisory: OSV:GHSA-V6R6-84GR-92RM...