EUVD-2026-11056

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site 'Open Redirect' vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issu...

WordPress Vivagh theme <= 2.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Vivagh versions = 2.4...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-2356)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-58995 WordPress Leblix Theme <= 2.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativesPlanet Leblix leblix allows PHP Local File Inclusion.This issue affects Leblix: from n/a through = 2.4...

CVE-2025-54236

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high...

OESA-2025-2045 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

Linux Distros Unpatched Vulnerability : CVE-2025-32802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root...

CVE-2025-31582

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Stored XSS.This issue affects Contact Form vCard Generator: from n/a through = 2.4...

PT-2025-14726 · Unknown · Ashish Ajani Contact Form Vcard Generator

Name of the Vulnerable Software and Affected Versions: Ashish Ajani Contact Form vCard Generator versions n/a through 2.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that ...

WordPress plugin Simple Membership Custom Messages 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress plugin WC Affiliate 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Open Library Foundation VuFind 安全漏洞

Open Library Foundation VuFind is an open source library resource discovery Discovery system from the Open Library Foundation. A security vulnerability exists in Open Library Foundation VuFind versions 2.4 through prior to 9.1.1, which stems from the presence of a server-side request forgery SSRF...

SUSE CVE-2009-3228

The tcfilltclass function in net/sched/schapi.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain 1 tcmpad1 and 2 tcmpad2 structure members, which might allow local users to obtain sensitive information from kernel memory via...

br.com.ideotech:draw-out-spring-boot-aop (>=1.5.19-1.RELEASE <=1.5.19.RELEASE), br.com.ideotech:draw-out-spring-boot-lib (>=1.5.19-1.RELEASE <=1.5.19.RELEASE) +1769 more potentially affected by CVE-2022-33980 via org.apache.commons:commons-configuration2 (>=2.4 <=2.7)

org.apache.commons:commons-configuration2 MAVEN version =2.4, =1.5.19-1.RELEASE, =1.5.19-1.RELEASE, =1.5.19-1.RELEASE, =1.5.0, =1.9.17-0, =1.0.0-2024, =1.0.0-2024, =1.0.0-2024, =1.0.0, =1.0.1-2024, =3.5.0-jdk17-1.0.0, =3.5.0-jdk17-2.0.0 and more Source cves: CVE-2022-33980 Source advisory:...

com.github.gfernandez598:springwebflow-optforrepl (=1.0), fr.natsystem.natjet:natsys-nsworkflow (=7.0.19) +295 more potentially affected by CVE-2017-4971 via org.springframework.webflow:spring-webflow (>=2.4.0.RELEASE <=2.4.4.RELEASE)

org.springframework.webflow:spring-webflow MAVEN version =2.4.0.RELEASE, =1.0.0.RELEASE, =1.0, =1.0, =2.0.0-RC1, =2.0.0-RC1, =2.0.0-RC1, =2.0.0-RC1, =2.0.0-RC1, =5.0.0, =5.0.0, =5.1.9 and more Source cves: CVE-2017-4971 Source advisory: OSV:GHSA-FG9W-CFFM-PMH2...

brainhance (=0.0.1), crystal4d (>=0.0.4 <=0.1.2) +4 more potentially affected by CVE-2021-37655 via tensorflow-gpu (>=2.4.0 <=2.4.2)

tensorflow-gpu PYPI version =2.4.0, =0.0.4, =1.1.1, =0.1.0.dev98, =1.0.0, =1.0.1 - tf-yarn-gpu =0.6.3 Source cves: CVE-2021-37655 Source advisory: OSV:GHSA-7FVX-3JFC-2CPC...

abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +94 more potentially affected by CVE-2021-37662 via tensorflow (>=2.4.0 <=2.4.2)

tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.7.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.7.4 and more Source cves: CVE-2021-37662 Source advisory: OSV:GHSA-F5CX-5WR3-5QRC...

abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +94 more potentially affected by CVE-2021-37668 via tensorflow (>=2.4.0 <=2.4.2)

tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.7.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.7.4 and more Source cves: CVE-2021-37668 Source advisory: OSV:GHSA-2WMV-37VQ-52G5...

abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +94 more potentially affected by CVE-2021-37638 via tensorflow (>=2.4.0 <=2.4.2)

tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.7.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.7.4 and more Source cves: CVE-2021-37638 Source advisory: OSV:PYSEC-2021-260...

DEBIAN-CVE-2021-31684

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service DOS via a crafted web request...