26 matches found
IBM Engineering Lifecycle Management security vulnerability
IBM Engineering Lifecycle Management is an engineering lifecycle management platform provided by the American multinational company International Business Machines (IBM). Versions 7.0.3, 7.1.0, and 7.2.0 of IBM Engineering Lifecycle Management contain security vulnerabilities. These vulnerabilities...
aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44199 via wagtail (>=7.1.0 <=7.2.3)
wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44199 Source advisory: OSV:PYSEC-2026-148...
aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44198 via wagtail (>=7.1.0 <=7.2.3)
wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44198 Source advisory: OSV:GHSA-C4MR-889M-VGF6...
CVE-2026-39364
Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny (e.g., .env, .crt) can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are...
Vite access control error vulnerability
Vite is a new type of front-end build tool developed by Vite itself. Versions of Vite from 7.1.0 to 7.3.2, as well as versions before 8.0.5, have an access control error vulnerability. This vulnerability stems from the ability to bypass the server file blocklist, potentially allowing access to fil...
@agregio-solutions/design-system (>=1.89.2 <=1.89.4), @altipla/directus-sdk-utils (=0.7.2) +187 more potentially affected by CVE-2026-39364 via vite (>=7.1.0 <=7.3.1)
vite NPM version =7.1.0, =1.89.2, =20.2.0, =20.2.0, =0.1.0, =0.79.1, =1.0.0-beta.23, =2.1.2-alpha.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.29.0 and more Source cves: CVE-2026-39364 Source advisory: SNYK:JS-VITE-15922245...
WordPress ExactMetrics plugin 7.1.0-9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update vulnerability
Authenticated Custom Improper Privilege Management to Role Privilege Escalation via Settings Update vulnerability discovered by Ali Sünbül in WordPress Plugin ExactMetrics versions 7.1.0-9.0.2...
WordPress plugin ExactMetrics – Google Analytics Dashboard for WordPress security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
GHSA-8HHX-XQ9J-XWFJ funadmin exposes sensitive information via getMember function
A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might...
CVE-2025-62181
Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated...
@altipla/directus-sdk-utils (=0.7.2), @angular-devkit/build-angular (>=20.2.0 <=21.0.0-rc.1) +58 more potentially affected by CVE-2025-58752 via vite (>=7.1.0 <=7.1.4)
vite NPM version =7.1.0, =20.2.0, =20.2.0, =2.1.2-alpha.0, =0.0.0, =2.14.0, =5.0.0-beta.4, =30.0.0, =16.0.1, =1.0.0, =3.22.0, =9.0.0-next.68, =21.0.0-alpha.10, =21.0.0-alpha.10, =21.0.0-next.9 and more Source cves: CVE-2025-58752 Source advisory: OSV:GHSA-JQFW-VQ24-V9C3...
IBM Jazz Foundation cross-site scripting vulnerability
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technologies from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Jazz Foundation versions 7.0.2 iFix033 and earlier, 7.0.3 iFix012 and earlier, and 7.1.0 iFix002 and...
PT-2025-35945
Name of the Vulnerable Software and Affected Versions: IBM Jazz Foundation versions 7.0.2 through 7.0.2 iFix033; IBM Jazz Foundation versions 7.0.3 through 7.0.3 iFix012; IBM Jazz Foundation versions 7.1.0 through 7.1.0 iFix002. Description: An authenticated user may be able to upload files to the...
CVE-2025-55214
Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...
5bb-task (=3.49.1rc1), aegis-stack (>=0.2.0 <=0.6.13) +162 more potentially affected by CVE-2025-55214 via copier (>=7.1.0 <=9.9.0)
copier PYPI version =7.1.0, =0.2.0, =0.1.0, =0.2.1, =0.2.1, =0.2.1, =0.2.1, =0.1.0, =1.0.0, =0.2.0, =0.0.1b1, =0.0.1b4 and more Source cves: CVE-2025-55214 Source advisory: OSV:GHSA-P7Q8-GRRJ-3M8W...
CVE-2025-55214
CVE-2025-55214 (Copier) : A directory traversal vulnerability affects Copier libraries and CLI from version 7.1.0 up to, but not including, 9.9.1. When using a safe template, an attacker could cause files to be written outside the destination path by exploiting the template rendering of a generat...
IBM Jazz Foundation security vulnerability
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines (IBM). A security vulnerability exists in IBM Jazz Foundation versions 7.0.2, 7.0.3, and 7.1.0. An attacker exploiting the vulnerability could gain access to sensiti...
IBM Jazz Foundation security vulnerability
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines (IBM). A security vulnerability exists in IBM Jazz Foundation versions 7.0.2, 7.0.3, and 7.1.0. An attacker could exploit the vulnerability to obtain sensitive...
PT-2025-1094 · Ibm · Ibm Jazz Foundation
Name of the Vulnerable Software and Affected Versions: IBM Jazz Foundation versions 7.0.2 through 7.1.0 Description: The issue is related to inadequate access control to personal information, allowing an attacker to disclose protected information. Specifically, passwords are not masked during...
WordPress theme Porto security vulnerability
WordPress is a suite of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Porto version 7.1.0 and earlier...