
42 matches found

ATTACKERKB
added 2026/05/27 12:0 a.m., 6 views

CVE-2026-49009

Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal...

AI score: 5.8, EPSS: 0.0043
Exploits: 2, References: 3

CNNVD
added 2026/05/25 12:0 a.m., 6 views

Hackney security vulnerability

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 0.9.0 through 4.0.1, which stems from a lack of CRLF sequence checking of the domain and path options in the cookie setup function, which could lead to HTTP response splitting...

CVSS: 5.3, AI score: 5.8, EPSS: 0.0035
Exploits: 1, References: 5

OSV
added 2026/05/18 1:11 p.m., 3 views

CLEANSTART-2026-WK99982 Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-2047, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-36364, CVE-2022-41881, CVE-2023-20861, CVE-2023-20863, CVE-2023-26048, CVE-2023-26049, CVE-2023-2976, CVE-2023-34462, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900, CVE-2023-42503, CVE-2023-44981, CVE-2024-13009, CVE-2024-23454, CVE-2024-23944, CVE-2024-25710, CVE-2024-26308, CVE-2024-29131, CVE-2024-29133, CVE-2024-38808, CVE-2024-38820, CVE-2024-38827, CVE-2024-47554, CVE-2024-47561, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2025-11143, CVE-2025-22233, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-40490, CVE-2026-41417, CVE-2026-42578, CVE-2026-42579, CVE-2026-42583, CVE-2026-42586, CVE-2026-44248, CVE-2026-5588, ghsa-58qw-p7qm-5rvh, ghsa-72hv-8253-57qq, ghsa-mj4r-2hfc-f8p6 applied in versions: 4.0.1-r0, 4.0.1-r1, 4.0.1-r2

Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 10, AI score: 7.1, EPSS: 0.23932
Exploits: 22, References: 138

vulnersOsv
added 2026/04/15 11:15 a.m., 2 views

@cmmn/tools (>=3.0.0-alpha-1 <=3.0.0-alpha-6), mikr0 (=0.1.10) potentially affected by CVE-2026-33807 via @fastify/express (>=4.0.1 <=4.0.2)

@fastify/express NPM version =4.0.1, =3.0.0-alpha-1, =3.0.0-alpha-6 - mikr0 =0.1.10 Source cves: CVE-2026-33807 Source advisory: SNYK:JS-FASTIFYEXPRESS-16068280...

CVSS: 9.1, AI score: 5.8, EPSS: 0.0043
Exploits: 1

OSV
added 2026/04/01 9:57 a.m., 1 view

CLEANSTART-2026-TA27786 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 3.19.0-r0, 3.19.5-r0, 4.0.1-r0

Multiple security vulnerabilities affect the helm package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 10, AI score: 6.9, EPSS: 0.00765
Exploits: 3, References: 29

OSV
added 2026/04/01 9:24 a.m., 7 views

CLEANSTART-2026-OT07577 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61727, CVE-2025-61729, CVE-2026-1229 applied in versions: 3.19.0-r0, 4.0.1-r0, 4.1.0-r0

Multiple security vulnerabilities affect the helm-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00573
Exploits: 2, References: 23

vulnersOsv
added 2026/03/25 9:12 p.m., 4 views

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +1068 more potentially affected by CVE-2026-33671 via picomatch (>=4.0.1 <=4.0.3)

picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.17, =0.0.47, =0.0.1, =1.0.0, =1.0.0, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =14.0.0-next.1 and more Source cves: CVE-2026-33671 Source advisory: SNYK:JS-PICOMATCH-15765511...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00412
Exploits: 0

vulnersOsv
added 2026/03/11 8:43 p.m., 6 views

@aabelmann/ui-layer (=0.0.1), @adinvadim/convex-vue (>=1.1.0 <=1.3.0) +753 more potentially affected by CVE-2026-30226 via devalue (>=4.0.1 <=5.6.3)

devalue NPM version =4.0.1, =1.1.0, =1.0.4, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.2.2, =0.2.2, =0.2.2, =0.3.0, =0.5.7, =0.0.1-beta.3, =0.0.1-alpha.1, =0.0.1-alpha.4 and more Source cves: CVE-2026-30226 Source advisory: SNYK:JS-DEVALUE-15467451...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00373
Exploits: 0

CNNVD
added 2026/01/17 12:0 a.m., 3 views

Bastillion command injection vulnerability

Bastillion is an open-source key management tool developed by bastillion-io. Versions of Bastillion 4.0.1 and earlier contained a command injection vulnerability. This vulnerability stemmed from incorrect operations on the System Management Module component in the file...

CVSS: 5.8, AI score: 5.8, EPSS: 0.04156
Exploits: 0, References: 5

vulnersOsv
added 2026/01/14 9:34 p.m., 6 views

@0k.io/prettier (>=0.0.2 <=0.0.3), @0k/prettier (>=0.2.0 <=0.2.1) +319 more potentially affected by CVE-2026-24001 via diff (>=4.0.1 <=4.0.2)

diff NPM version =4.0.1, =0.0.2, =0.2.0, =1.2.0, =0.3.2, =0.4.0-next.6, =7.0.0-alpha.0, =7.0.0-alpha.0, =7.0.0-alpha.0, =7.0.0-alpha.0, =7.0.0-alpha.0, =0.4.0, =1.5.0, =4.0.0, =1.0.0, =2.1.0 and more Source cves: CVE-2026-24001 Source advisory: OSV:GHSA-73RR-HH4G-FPGX...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00512
Exploits: 0

Tenable Nessus
added 2026/01/07 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000161)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000161 advisory. Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. Tenable...

CVSS: 5.3, AI score: 6.6, EPSS: 0.02388
Exploits: 0, References: 4

Positive Technologies
added 2025/11/05 12:0 a.m., 2 views

PT-2025-45154

Name of the Vulnerable Software and Affected Versions: Quipux versions 4.0.1 through e1774ac. Description: A Cross Site Scripting issue exists in Quipux. The issue is located in the anexos/anexos nuevo.php file, specifically within the asocImgRad parameter. Recommendations: Update Quipux to a version...

CVSS: 6.5, AI score: 6.1, EPSS: 0.00181
Exploits: 0, References: 5

SUSE CVE
added 2025/10/24 11:22 p.m., 2 views

SUSE CVE-2025-61595

MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract,...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00305
Exploits: 0, References: 2

vulnersOsv
added 2025/10/20 3:30 p.m., 5 views

org.apache.syncope.core.am:syncope-core-am-logic (>=4.0.0 <=4.0.1), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=4.0.0 <=4.0.1) +32 more potentially affected by CVE-2025-57738 via org.apache.syncope.core:syncope-core-spring (>=4.0.0-M0 <=4.0.1)

org.apache.syncope.core:syncope-core-spring MAVEN version =4.0.0-M0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.1 and more Source cves: CVE-2025-57738 https://vulners.com/cve/CVE-2025-...

CVSS: 7.2, AI score: 7.4, EPSS: 0.00984
Exploits: 0

CNNVD
added 2025/10/13 12:0 a.m., 0 views

Burgerportaal security vulnerability

Burgerportaal is a GPP-Woo open source site for reading public documents. A security vulnerability exists in Burgerportaal versions prior to 2.0.3, prior to 3.0.2, and prior to 4.0.1, which stems from the exposure of employee names and e-mail addresses in a web response, which could lead to...

CVSS: 6.9, AI score: 6.2, EPSS: 0.00293
Exploits: 0, References: 2

NVD
added 2025/08/28 1:16 p.m., 2 views

CVE-2025-53572

Deserialization of Untrusted Data vulnerability in emarket-design WP Easy Contact wp-easy-contact allows Object Injection. This issue affects WP Easy Contact: from n/a through <= 4.0.1...

CVSS: 8.1, EPSS: 0.00303
Exploits: 0, References: 1

Patchstack
added 2025/08/25 11:5 a.m., 3 views

WordPress WP Easy Contact Plugin <= 4.0.1 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by astra.r3verii in WordPress Plugin WP Easy Contact versions <= 4.0.1...

CVSS: 8.1, AI score: 7, EPSS: 0.00303
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/06/06 9:17 p.m., 9 views

CVE-2025-48947

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for...

CVSS: 7.7, AI score: 7.2, EPSS: 0.00364
Exploits: 0, References: 1

CNNVD
added 2025/04/29 12:0 a.m., 3 views

nextjs-auth0 code issue vulnerability

nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A code issue vulnerability exists in versions of nextjs-auth0 prior to 4.0.1 through 4.5.1, which stems from not setting an expiration time when generating JWE tokens...

CVSS: 7.1, AI score: 6.7, EPSS: 0.00361
Exploits: 0, References: 3

OSV
added 2025/04/23 5:16 p.m., 2 views

CVE-2025-3902

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Block Class allows Cross-Site Scripting XSS. This issue affects Block Class: from 4.0.0 before 4.0.1...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00198
Exploits: 0, References: 1