CVE-2026-34646

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

CVE-2026-34646

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could bypass security features and grant unauthorized write access. The CVSS v3.1 metrics indicate a Network attack vector, no privile...

EulerOS Virtualization 2.10.0 : gnupg2 (EulerOS-SA-2026-1554)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an...

EUVD-2026-11041

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited...

AZL-73192 CVE-2025-68972 affecting package gnupg2 for versions less than 2.4.9-1

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

CVE-2025-13295 Sensitive Data Exposure in ArgusTech's BILGER

Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.9...

PT-2024-25962 · Widgetkit · Widgetkit

Name of the Vulnerable Software and Affected Versions: WidgetKit versions prior to 2.4.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables attackers to inject malicious scripts in...

PT-2022-21580 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.9 Description: The issue concerns the use of cache containing sensitive information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account...

DEBIAN-CVE-2022-40674

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c...

DEBIAN-CVE-2021-32792

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, there is an XSS vulnerability in when using OIDCPreservePost ...