CVE-2026-45300 async-http-client: Cookie header not stripped on cross-origin redirect

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...

WordPress Simple Banner plugin <= 3.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Cody Sixteen in WordPress Plugin Simple Banner versions = 3.0.10...

WordPress Pods plugin <= 3.0.10 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Nex Team in WordPress Plugin Pods versions = 3.0.10...

ai.databand.azkaban:azkaban-common (=3.18.0), ai.databand.azkaban:azkaban-exec-server (=3.18.0) +8708 more potentially affected by CVE-2023-22102 via mysql:mysql-connector-java (>=3.0.10 <=8.0.33)

mysql:mysql-connector-java MAVEN version =3.0.10, =0.5.0, =0.5.0, =0.1.0, =4.1.3, =0.0.13, =1.13.3, =j8.2.2.0, =2.1.0, =1.0.0, =0.0.3, =0.0.5 and more Source cves: CVE-2023-22102 Source advisory: OSV:GHSA-M6VM-37G8-GQVH...

ai.databand.azkaban:azkaban-common (=3.18.0), ai.databand.azkaban:azkaban-exec-server (=3.18.0) +2426 more potentially affected by CVE-2017-3586 via mysql:mysql-connector-java (>=3.0.10 <=5.1.41)

mysql:mysql-connector-java MAVEN version =3.0.10, =1.0.0, =1.1.5.RELEASE, =1.0.1, =0.0.1, =0.3.0, =0.2.0, =0.2.0, =0.4.1 and more Source cves: CVE-2017-3586 Source advisory: OSV:GHSA-PWH7-92H3-MQR6...

CVE-2021-38112

In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework CEF --gpu-launcher argument. This is fixed in 3.1.9...