
53 matches found

EUVD
added 2026/05/26 9:4 p.m., 8 views

EUVD-2026-32002

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/04/29 2:27 p.m., 23 views

CVE-2026-5161 Improper Authentication in TUBITAK BILGEM's Pardus About

Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2...

8.8 CVSS, 0.00054 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/29 2:27 p.m., 2 views

CVE-2026-5161

Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2...

8.8 CVSS, 5.8 AI score, 0.00054 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/04/29 12:0 a.m., 1 views

PT-2026-35928

Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before v1.2.1...

8.8 CVSS, 5.2 AI score, 0.00054 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 5:3 p.m., 0 views

CVE-2026-3211

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery. This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1...

4.3 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits: 0, References: 1
EUVD
added 2026/03/25 6:31 p.m., 1 views

EUVD-2026-15467

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery. This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1...

6.3 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits: 0, References: 2
CVE
added 2026/03/25 3:21 p.m., 7 views

CVE-2026-3211

The CVE-2026-3211 entry concerns Drupal Theme Negotiation by Rules, affecting versions prior to 1.2.1. The vulnerability is a Cross-Site Request Forgery (CSRF) that leverages the module’s ability to render pages with theme_rule configs. The root cause is exposure via a GET request that can enable...

4.3 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/03/25 3:21 p.m., 20 views

CVE-2026-3211 Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery. This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1...

0.00021 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/03/25 12:0 a.m., 2 views

Drupal Theme Negotiation by Rules security vulnerability

Drupal Theme Negotiation by Rules is a content management system module developed by Drupal that dynamically selects website theme styles based on rules. Versions of Drupal Theme Negotiation by Rules prior to 1.2.1 contained security vulnerabilities, which were caused by susceptibility to...

4.3 CVSS, 5.7 AI score, 0.00021 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/03/16 12:0 a.m., 4 views

arduino-TuyaOpen security vulnerability

Arduino-TuyaOpen is an IoT development framework based on Arduino, open-sourced by Tuya. Versions of Arduino-TuyaOpen prior to 1.2.1 contained security vulnerabilities. These vulnerabilities stemmed from a heap-based buffer overflow in the DnsServer component, which could allow for the execution ...

8.8 CVSS, 6.2 AI score, 0.00008 EPSS
Exploits: 0, References: 3
CVE
added 2026/03/15 1:35 p.m., 6 views

CVE-2026-28521

CVE-2026-28521 affects arduino-TuyaOpen prior to 1.2.1, where an out-of-bounds memory read in the TuyaIoT component can be triggered by malicious DP event data issued by an attacker who hijacks or controls the Tuya cloud service. Impact is information disclosure and potential denial of service. D...

7.7 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2025/12/21 12:0 a.m., 3 views

PT-2025-52574

Name of the Vulnerable Software and Affected Versions: WC Builder – WooCommerce Page Builder for WPBakery plugin versions prior to 1.2.1. Description: The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress contains a Stored Cross-Site Scripting issue. Insufficient input...

4.4 CVSS, 5.5 AI score, 0.00026 EPSS
Exploits: 0, References: 9
Vulnrichment
added 2025/11/26 6:0 a.m., 2 views

CVE-2025-12061 Tax Service Electronic HDM < 1.2.1 - Unauthenticated Arbitrary SQL Execution

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not have authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements...

7.5 AI score, 0.00026 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-27074

Malicious code in bioql PyPI...

8.6 CVSS, 6.8 AI score, 0.00419 EPSS
Exploits: 1, References: 4
CBLMariner
added 2025/10/03 3:8 p.m., 5 views

CVE-2025-54314 affecting package rubygem-thor for versions less than 1.2.1-3

CVE-2025-54314 affecting package rubygem-thor for versions less than 1.2.1-3. A patched version of the package is available...

2.8 CVSS, 7.4 AI score, 0.00088 EPSS
Exploits: 0
Cvelist
added 2025/09/06 6:50 a.m., 5 views

CVE-2025-9961 Authenticated RCE by CWMP binary

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6:...

8.6 CVSS, 0.00419 EPSS
Exploits: 1, References: 4
Vulnrichment
added 2025/09/06 6:50 a.m., 1 views

CVE-2025-9961 Authenticated RCE by CWMP binary

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6:...

8.6 CVSS, 7.3 AI score, 0.00419 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2025/08/19 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-58266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection. CVE-2024-58266...

9.8 CVSS, 5.8 AI score, 0.00359 EPSS
Exploits: 0, References: 4
OSV
added 2025/07/27 10:15 p.m., 0 views

AZL-66035 CVE-2024-58266 affecting package rust for versions less than 1.86.0-3

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...

9.8 CVSS, 5.8 AI score, 0.00359 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/07/04 12:0 a.m., 1 views

WordPress plugin Bulk Featured Image code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

9.1 CVSS, 6.8 AI score, 0.00379 EPSS
Exploits: 0, References: 1