6 matches found
CVE-2026-35337
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
PT-2026-32329
Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI. Versions Affected: before 2.8.6. Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...
CVE-2025-67921 WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection. This issue affects Lobo: from n/a through 2.8.6...
PT-2022-16824 · Unknown +1 · Icinga Web 2 +1
Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.8.6; Icinga Web 2 versions prior to 2.9.6; Icinga Web 2 versions prior to 2.10. Description: Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, wit...
WordPress profilegrid-user-profiles-groups-and-communities plugin code injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. profilegrid-user-profiles-groups-and-communities is a plugin for configuring site user permissions. A code injection vulnerability...
Moodle Sensitive Course Structure Disclosure Vulnerability
Moodle is an open source web-based teaching and learning application. A security vulnerability exists in Moodle versions prior to 2.6.11, 2.7.8, 2.8.6, and 2.9, which allows remote attackers to exploit the vulnerability to view course structure information...