CVE-2026-42782 Apache Syncope: Post-auth RCE via Groovy static

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

Astra Linux - уязвимость в python-django

The % debug % template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.0 (=3.1.3), com.instaclustr:cassandra-4 (=1.0) +28 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.2)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =1.1.1 - com.instaclustr:ttl-remover-cassandra-4.0.0 =1.0 - com.netflix.priam:priam =4.0.0-alpha9 - com.netflix.priam:priam-cass-extensions =4.0.0-alpha9 - com.netflix.priam:priam-dse-extensions...

CVE-2026-29067

ZITADEL (open source identity management) versions 4.0.0-rc.1 through 4.7.0 have a vulnerability in the password reset flow (login V2). The system uses the Forwarded or X-Forwarded-Host header to build the password reset confirmation URL sent by email, which could lead to improper confirmation li...

WordPress MP3 Audio Player 4.0-5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability

Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by kr0d in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions 4.0-5.10...

WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

PT-2026-7145

Name of the Vulnerable Software and Affected Versions Craft versions 4.0.0-RC1 through 4.16.17 Craft versions 5.0.0-RC1 through 5.8.21 Description Craft is a platform for creating digital experiences. The element-indexes/get-elements API endpoint is susceptible to SQL Injection via the...

CVE-2025-67685

A Server-Side Request Forgery SSRF vulnerability CWE-918 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000162)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000162 advisory. The % debug % template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS...

Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3618 more potentially affected by CVE-2025-14924 via transformers (>=4.0.0 <=4.57.6)

transformers PYPI version =4.0.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14924 Source advisory:...

Exploit for CVE-2025-67494

ZITADEL SSRF Exploit - CVE-2025-67494 Automated exploit for C...

aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +507 more potentially affected by CVE-2025-64460 via django (>=4.0.0 <=4.2.26)

django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =0.1.0, =0.0.3, =4.0.9.0, =65.10.0, =65.10.3 and more Source cves: CVE-2025-64460 Source advisory: SNYK:PYTHON-DJANGO-14157807...

Fortinet FortiSandbox 安全漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandbox technology, dynamic threat intelligence system, real-time control panel and reporting. A security vulnerability exists in Fortinet FortiSandbox that stems from improper...

UBUNTU-CVE-2025-61103

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextlinklanadjsid function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted OSPF packet...

EUVD-2007-6713

Malware in sbrugna...

EUVD-2017-10698

Malware in sbrugna...

EUVD-1999-0051

Malware in sbrugna...

EUVD-2021-9427

Malicious code in bioql PyPI...

EUVD-2022-3970

Malicious code in bioql PyPI...