NPM: FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment

NPM: FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

WordPress WooCommerce Order Details plugin <= 3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Order Details versions = 3.1...

AIX is vulnerable to potential code execution (CVE-2025-61984 CVE-2025-61985) due to OpenSSH

IBM SECURITY ADVISORY First Issued: Tue Jan 6 13:47:51 CST 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opensshadvisory20.asc Security Bulletin: AIX is vulnerable to potential code execution CVE-2025-61984, CVE-2025-61985 due to...

Astra Linux - уязвимость в haproxy

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding h2send loop under a certain set of conditions, as exploited in the wild in 2024...

ImageSharp 安全漏洞

ImageSharp is a new, full-featured, fully managed, cross-platform 2D graphics API open-sourced by Six Labors. A security vulnerability exists in ImageSharp versions prior to 2.1.11 and 3.0.0 through 3.1.10, which stems from the possibility of entering an infinite loop when processing specially...

CVE-2023-23638

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions...

WordPress Fyrebox Quizzes plugin <= 3.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Fyrebox Quizzes versions = 3.1...

org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.2), org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.2) +3 more potentially affected by CVE-2024-27317 via org.apache.pulsar:pulsar-functions-worker (>=3.1.0 <=3.1.2)

org.apache.pulsar:pulsar-functions-worker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.2 Source cves: CVE-2024-27317 Source advisory: OSV:GHSA-JG2G-4RJG-CMQH...

OpenSSL Security Vulnerabilities

OpenSSL is an open source capable general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a wide range of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

SUSE CVE-2019-3812

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2cddc function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host...

PYSEC-2022-269

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of urivalidate functions depending where it is used. OAuthLib...

Philips IntelliSpace Cardiovascular and Xcelera Unknown Search Path or Element Vulnerability

Philips IntelliSpace Cardiovascular ISCV and Xcelera are both products of the Dutch company Philips.Philips ISCV is a cardiac imaging information management system.Xcelera is its predecessor. A security vulnerability exists in Philips ISCV version 3.1 and earlier and Xcelera version 4.1 and...

DEBIAN-CVE-2014-2554

OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element...