Bolt CMS 安全漏洞

Bolt CMS is an open-source content management system based on PHP, developed by Bolt CMS. Versions of Bolt CMS 3.7.0 and earlier contain security vulnerabilities, which stem from SQL injection vulnerabilities in the order parameter of the content list page. Attackers with low privileges and...

SUSE CVE-2026-44839

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

UBUNTU-CVE-2026-44839

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

CVE-2026-44839

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

CVE-2026-44839

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

EUVD-2026-32549

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

EUVD-2026-32529

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0...

PT-2026-44003

Name of the Vulnerable Software and Affected Versions RabbitMQ versions 3.7.0 through 4.0.12 RabbitMQ versions 4.1.0 through 4.1.1 Description RabbitMQ is a messaging and streaming broker that contains a security issue. Recommendations Update to version 4.0.13 Update to version 4.1.2...

RabbitMQ 安全漏洞

RabbitMQ is an open-source, feature-rich multi-protocol message and streaming media broker. There were security vulnerabilities in versions of RabbitMQ from 3.7.0 to 4.1.2, as well as in version 4.0.13. Attackers could exploit these vulnerabilities to execute cross-site scripting attacks...

africa.absa:inception-reporting (>=1.0.0 <=1.2.0), africa.absa:inception-reporting-api (>=1.0.0 <=1.2.0) +427 more potentially affected by CVE-2026-6009 via net.sf.jasperreports:jasperreports (>=3.7.0 <=7.0.7)

net.sf.jasperreports:jasperreports MAVEN version =3.7.0, =1.0.0, =1.0.0, =4.0.4, =1.0.0, =1.0.7, =2.1.0, =2.1.0, =0.0.1, =0.0.1, =20.3.0, =24.2.0, =20.3.0, =2.23.5, =2.23.5, =23.1.0, =25.11.0 and more Source cves: CVE-2026-6009 Source advisory: SNYK:JAVA-NETSFJASPERREPORTS-16787146...

CVE-2026-35051

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issu...

Traefik 安全漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. There were security vulnerabilities in versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2. These vulnerabilities stemmed from the StripPrefixRegex middleware, which, when used in conjunction with...

CLEANSTART-2026-LS30652 Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.11-r0, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0, 3.7.9-r1, 3.7.9-r2, 4.0.2-r0

Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

PT-2026-6660

Name of the Vulnerable Software and Affected Versions NiceGUI versions prior to 3.7.0 Description NiceGUI’s FileUpload.name property does not sanitize client-supplied filename metadata, which can lead to path traversal when developers use the pattern UPLOAD DIR / file.name. Attackers can exploit...

CVE-2025-66626 argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the...

CVE-2025-64169

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, fimalert implementation does not check whether oldsum-md5 is NULL or not before dereferencing it. A compromised agent can cause a crash of analysisd by sending a...

Linux Distros Unpatched Vulnerability : CVE-2023-46250

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which lea...

CVE-2025-53194

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through = 3.7.0...

CVE-2025-53196

CVE-2025-53196 describes a vulnerability in Crocoblock JetEngine (JetEngine, WordPress plugin) where the insertion of sensitive information into sent data could lead to retrieval of embedded sensitive data. Technical details across connected sources show this affects JetEngine versions up to and ...

WordPress plugin JetEngine 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...