CVE-2026-7739

The CVE affects justdan96 tsMuxer (up to 2.7.0). Affected component: HevcVpsUnit::setFPS in tsMuxer/hevc.cpp. Root cause: manipulation of the argument track_id leads to a denial of service. Privileges/context: local access required; exploit publicly available. Impact: denial of service; affected ...

CLEANSTART-2026-UJ06223 Security fixes for CVE-2025-25285, CVE-2026-21637, ghsa-23c5-xmqv-rm74, ghsa-34x7-hfp2-rc4v, ghsa-72xf-g2v4-qvf3, ghsa-7r86-cg39-jmmj, ghsa-83g3-92jg-28cx, ghsa-8gc5-j5rx-235r, ghsa-8qq5-rm4j-mr97, ghsa-9ppj-qmqm-q256, ghsa-fj3w-jwp8-x2g3, ghsa-fjxv-7rqg-78g4, ghsa-jp2q-39xq-3w4g, ghsa-mh29-5h37-fv8m, ghsa-pfrx-2q88-qq97, ghsa-qffp-2rhf-9h96, ghsa-r6q2-hw4h-h46w, ghsa-rc47-6667-2j5j, ghsa-rmvr-2pp2-xj38 applied in versions: 2.6.0-r1, 2.7.0-r0, 2.8.1-r0

Multiple security vulnerabilities affect the mongosh package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-JK84667 Security fixes for CVE-2025-0913, CVE-2025-4673, CVE-2025-47907, CVE-2025-47911, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 2.7.0-r7, 2.7.0-r8

Multiple security vulnerabilities affect the opensearch-k8s-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2025-59059

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

PT-2026-22381

Name of the Vulnerable Software and Affected Versions Seerr versions prior to 3.1.0 Description Seerr, an open-source media request and discovery manager for Jellyfin, Plex, and Emby, contains a flaw where authenticated users can access and modify data belonging to other users. This is due to the...

seerr 安全漏洞

Seerr is a media request and discovery manager developed by the Seerr Team. Versions of Seerr from 2.7.0 to 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks, which could allow authenticated users to access and modify data of other users...

CVE-2023-43797

BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...

PT-2026-1515

Name of the Vulnerable Software and Affected Versions Dasinfomedia WPCHURCH versions through 2.7.0 Description The software contains a flaw due to improper neutralization of input during web page generation, specifically a Reflected Cross-site Scripting XSS issue. This allows for the injection of...

CVE-2025-8617

CVE-2025-8617 affects the WordPress plugin YITH WooCommerce Quick View (WordPress) up to version 2.7.0. It enables a Stored Cross-Site Scripting (XSS) via the shortcode yith_quick_view due to insufficient input sanitization and output escaping. Exploitable by authenticated attackers with contribu...

EUVD-2020-4038

Malware in sbrugna...

Faydam Datalogger 2.7.0 SQL Injection

Faydam Datalogger versions 2.7.0 and below suffer from a remote SQL injection vulnerability...

DEBIAN-CVE-2025-32802

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

PT-2025-23105

Name of the Vulnerable Software and Affected Versions Kea versions 2.4.0 through 2.4.1 Kea versions 2.6.0 through 2.6.2 Kea versions 2.7.0 through 2.7.8 Description Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common...

UBUNTU-CVE-2025-32803

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8...

PT-2024-14786 · Synology · Synology Active Backup For Business Agent

Name of the Vulnerable Software and Affected Versions: Synology Active Backup for Business Agent versions prior to 2.7.0-3221 Description: A missing encryption issue exists in the settings functionality of Synology Active Backup for Business Agent, allowing local users to obtain user credentials...

com.alipay.sofa.koupleless:arklet-springboot-starter (>=1.0.0 <=1.4.2), com.alipay.sofa.koupleless:koupleless-base-starter (>=1.0.0 <=1.4.2) +84 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=2.7.0 <=2.7.2)

org.springframework.boot:spring-boot-loader MAVEN version =2.7.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.5.1, =0.5.1, =2.2.4, =2.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1 and more Source cves: CVE-2024-38807 Source advisory:...

WordPress Tutor LMS Pro plugin <= 2.7.0 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by villu164 in WordPress Plugin Tutor LMS Pro versions = 2.7.0...

@aem-vite/import-rewriter (>=5.0.1 <=6.0.1), @aem-vite/vite-aem-plugin (>=1.0.0 <=2.3.1) +124 more potentially affected by CVE-2023-34092 +1 more via vite (>=2.7.0 <=2.9.16)

vite NPM version =2.7.0, =5.0.1, =1.0.0, =3.0.0-beta.5, =3.0.0-beta.2, =0.10.0, =1.1.0-next.4, =0.0.0-experimental-17c6886-20220324, =0.0.0-canary-20220428124037, =0.1.5, =0.0.11, =0.0.12, =0.0.1, =0.1.5, =0.0.11, =0.0.37, =0.0.42 and more Source cves: CVE-2023-34092, CVE-2024-23331 Source...

Apache Airflow Cross-Site Request Forgery Vulnerability (CNVD-2024-0101720)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A cross-site request forgery vulnerability exists in Apache Airflow versions 2.7.0...

CVE-2022-45362

Server-Side Request Forgery SSRF vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0...