CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

CLEANSTART-2026-JF28061 Security fixes for CVE-2026-24051, CVE-2026-26958, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 2.19.0-r0, 2.19.0-r1

Multiple security vulnerabilities affect the keda package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2025-5471

Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1...

CVE-2025-13606 Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

PT-2023-7904 · WordPress · User Post Gallery

Name of the Vulnerable Software and Affected Versions: User Post Gallery WordPress plugin versions 2.19 and earlier Description: The issue is related to insufficient authorization procedure in the User Post Gallery WordPress plugin, allowing remote attackers to execute arbitrary code. This is...

PT-2020-15533 · Jenkins · Jenkins Active Directory Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Active Directory Plugin versions 2.19 and earlier Description: A cross-site request forgery CSRF issue allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers...