Lucene search

19 matches found

RedhatCVE
added 2 days ago, 4 views

CVE-2026-44839

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

CVSS 5.6, AI score 5.5, EPSS 0.0003
Exploits: 0, References: 1
SUSE CVE
added 2026/05/28 3:57 a.m., 9 views

SUSE CVE-2026-44839

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

CVSS 5.6, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 3
vulnersOsv
added 2026/04/24 12:30 p.m., 4 views

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-41043 via org.apache.activemq:activemq-all (>=4.1.2 <=5.19.5)

org.apache.activemq:activemq-all MAVEN version =4.1.2, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-41043 Source advisory: OSV:GHSA-2JP3-2923-9H52...

CVSS 6.5, AI score 5.8, EPSS 0.00241
Exploits: 0
vulnersOsv
added 2026/03/23 8:23 p.m., 2 views

ai-box-lib (>=0.1.0 <=0.1.9), aligned-py (>=0.1.0 <=0.2.0a0) +99 more potentially affected by CVE-2026-26209 via cbor2 (>=4.1.2 <=5.8.0)

cbor2 PYPI version =4.1.2, =0.1.0, =0.1.0, =0.7.0, =0.13.0, =0.0.1, =0.5.5.post5, =0.5.5.post4, =0.1.1, =0.1.0, =0.2.0, =0.10.6, =0.7.1a0, =1.0.7 and more Source cves: CVE-2026-26209 Source advisory: OSV:GHSA-3C37-WWVX-H642...

CVSS 7.5, AI score 7, EPSS 0.00085
Exploits: 1
Patchstack
added 2026/03/20 10:22 a.m., 3 views

WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token vulnerability

WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token vulnerability discovered by Gibran Abdillah in WordPress Plugin KiviCare versions <= 4.1.2...

CVSS 9.8, AI score 5.8, EPSS 0.00066
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2026/03/10 8:16 p.m., 3 views

CVE-2025-13219

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

CVSS 7.5, EPSS 0.00014
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/10 8:15 p.m., 2 views

CVE-2025-13213

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacki...

CVSS 5.4, AI score 5.7, EPSS 0.00035
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2025/12/22 10:16 p.m., 3 views

CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a...

CVSS 5.3, EPSS 0.00106
Exploits: 0, References: 2
CNNVD
added 2025/01/07 12:00 a.m., 3 views

OpenHarmony buffer error vulnerability

OpenHarmony is an open source Hongmeng operating system project from the China OpenAtom Foundation. A buffer error vulnerability exists in OpenHarmony version v4.1.2 and prior versions, which stems from allowing out-of-bounds writes to memory. An attacker exploiting this...

CVSS 8.8, AI score 6.8, EPSS 0.00183
Exploits: 0, References: 1
ATTACKERKB
added 2024/11/18 12:15 p.m., 3 views

CVE-2024-11319

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...

CVSS 4.8, AI score 5.8, EPSS 0.00651
Exploits: 1, References: 6, Affected Software: 1
PyPA
added 2024/11/18 12:15 p.m., 7 views

PYSEC-2024-124

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...

CVSS 4.8, AI score 5.9, EPSS 0.00651
Exploits: 1, References: 4, Affected Software: 1
Positive Technologies
added 2024/11/18 12:00 a.m., 2 views

PT-2024-40898 · Unknown · Django Cms

Name of the Vulnerable Software and Affected Versions: django-cms versions 3.11.7 through 3.11.8; django-cms versions 4.1.2 through 4.1.3. Description: The issue affects django-cms, allowing Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. Recommendations...

CVSS 4.8, AI score 6.1
Exploits: 0, References: 5
Positive Technologies
added 2024/05/06 12:00 a.m., 2 views

PT-2024-25825 · Popup Box · Popup Box

Name of the Vulnerable Software and Affected Versions: Popup box versions n/a through 4.1.2. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that also allows Cross-Site Scripting (XSS) in the Popup Box Team Popup box. Recommendations: For versions n/a through 4.1.2, update ...

CVSS 7.1, AI score 6.3, EPSS 0.00136
Exploits: 0, References: 4
CNNVD
added 2024/05/06 12:00 a.m., 2 views

WordPress plugin Popup box cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

CVSS 7.1, AI score 6.5, EPSS 0.00136
Exploits: 0, References: 2
CNNVD
added 2023/07/17 12:00 a.m., 2 views

WordPress Plugin vSlider Multi Image Slider cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 8.8, AI score 8.2, EPSS 0.00086
Exploits: 0, References: 2
Github Security Blog
added 2022/05/24 5:21 p.m., 3 views

Mattermost Server allows users with a session ID to revoke another user's session

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...

CVSS 4.3, AI score 7, EPSS 0.00172
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2022/05/24 5:21 p.m., 1 views

GHSA-8QG8-C7MW-6FJ7 Mattermost Server is vulnerable to Directory Traversal by System Admins

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal...

CVSS 6.5, AI score 6.6, EPSS 0.0049
Exploits: 0, References: 6
Cvelist
added 2017/03/23 6:36 a.m., 9 views

CVE-2016-5755

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting...

AI score 6.4, EPSS 0.00134
Exploits: 0, References: 1
RedHat Linux
added 2012/08/03 12:19 a.m., 0 views

dhcp: DoS due to error in handling malformed client identifiers

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier...

CVSS 6.1, AI score 5.9, EPSS 0.17426
Exploits: 1, References: 4