EUVD-2026-21100
Helm Chart extraction output directory collapse via Chart.yaml name dot-segment...
CVE-2026-35206
Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar <chart URL | repo/chartname> to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...
CVE-2026-35205
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance .prov file when signature verification is required. This vulnerability is fixed in 4.1.4...
PT-2026-31732
Name of the Vulnerable Software and Affected Versions Helm versions 3.20.1 and earlier, and versions 4.1.3 and earlier Description Helm, a package manager for Kubernetes Charts, is affected by an issue where a specially crafted Chart can cause the helm pull --untar command to write chart contents...
CVE-2026-26002
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
fast-xml-parser 5.3.5 Denial of Service
A denial of service vulnerability was identified in fast-xml-parser affecting versions 4.1.3 through 5.3.5. The issue arises from improper handling of XML Document Type Definitions (DTD), specifically when processing internal entity expansion. An attacker can supply a crafted XML payload containing...
DEBIAN-CVE-2026-25896
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...
UBUNTU-CVE-2026-26278
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...
EUVD-2025-24530
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-3806
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some...
PT-2025-32953 · Dimension · Dimension
Name of the Vulnerable Software and Affected Versions: Dimension versions 4.1.3 and earlier Description: Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read issue that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction,...
CVE-2024-6177
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before 4.3.1...
WordPress plugin WP Table Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-11319
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...
PYSEC-2024-124
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...
PT-2024-40898 · Unknown · Django Cms
Name of the Vulnerable Software and Affected Versions: django-cms versions 3.11.7 through 3.11.8; django-cms versions 4.1.2 through 4.1.3 Description: The issue affects django-cms, allowing Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. Recommendations...
CVE-2024-6179
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before 4.3.1...
LG SuperSign CMS Cross-Site Scripting Vulnerability
LG SuperSign CMS is a content management software solution for LG webOS digital signage, from LG of South Korea. A cross-site scripting vulnerability exists in LG SuperSign CMS versions 4.1.3 through 4.3.1, which stems from improper input neutralization during web page...
Design/Logic Flaw
Zentao versions 4.1.3 and earlier have a URL redirect vulnerability, which prevents the system from functioning properly...
WESEEK GROWI Information Disclosure Vulnerability
WESEEK GROWI is a suite of team collaboration software from WESEEK (Japan). An information disclosure vulnerability exists in GROWI versions 4.0.0 through 4.1.3, which stems from the application exporting too much data. The vulnerability allows a remote attacker to access potentially...