WordPress CDI <5.1.9 - Cross Site Scripting

WordPress CDI plugin prior to 5.1.9 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response of an AJAX action. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

CVE-2026-29181 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-kms, crossplane-provider-azure-storagesync, podman, skopeo-fips, ipfs-cluster, crossplane-provider-azure-security, skopeo, crossplane-provider-azure-orbital, cert-manager-openshift-routes-fips, crossplane-provider-azure-signalrservice,...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: agentbeat, nri-discovery-kubernetes, zot, aws-sigv4-proxy-fips, cilium-certgen, extism, nri-discovery-kubernetes-fips, rancher-support-bundle-kit, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips, podman, terraform-provider-sendgrid,...

CVE-2026-34986 vulnerabilities

Vulnerabilities for packages: agentbeat, zot, tw, skaffold, podman, skopeo-fips, skopeo, neuvector-scanner-fips, kyverno-fips, spicedb-fips, sqlexporter-fips, cloudflared, bento-fips, keda-fips, dex, harbor-fips, dex-fips, opencost-fips, kubescape-server-fips, syft, tekton-chains-fips, fulcio-fip...

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to an error in the protocol implementation when handling the User Supplied Secret USS digest in the LoadApp function. An attacker can cause the Compound Device Identifier CDI to b...

Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont

This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.64.0 Release notes...

SUSE-SU-2026:0571-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer

This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.64.0 - Release notes...

CVE-2025-14459

A flaw was found in KubeVirt Containerized Data Importer CDI. This vulnerability allows a user to clone PersistentVolumeClaims PVCs from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...

CVE-2025-55307

CVE-2025-55307 – Foxit PDF and Editor for Windows is affected in versions prior to 13.2 and 2025 before 2025.2. A malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath (e.g., "/") can trigger an out-of-bounds read in internal path-parsing logic, potentially l...

PT-2025-50615

Name of the Vulnerable Software and Affected Versions Foxit PDF and Editor versions prior to 13.2 Foxit PDF and Editor 2025 versions prior to 2025.2 Description An issue exists in Foxit PDF and Editor that may lead to information disclosure or memory corruption. This can occur when opening a...

CVE-2025-55307

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query with a crafted cDIPath parameter e.g., "/" may cause an out-of-bounds read in internal path-parsing logic, potentially leadi...

CVE-2025-55307

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query with a crafted cDIPath parameter e.g., "/" may cause an out-of-bounds read in internal path-parsing logic, potentially leadi...

SUSE SLES15 / openSUSE 15 Security Update : nvidia-container-toolkit (SUSE-SU-2025:4187-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4187-1 advisory. - Update to version 1.18.0: - This is a major release and includes the following high-level changes: - The default mo...

EUVD-2024-45887

Malicious code in bioql PyPI...

CVE-2022-1933

The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...

Request Parameter Leakage

io.quarkus, quarkus-rest is vulnerable to Request parameter leakage. The vulnerability is due to request parameters leaking between concurrent requests due to endpoints using field injection without a CDI scope, allows an attacker to manipulate request data, impersonate users, or access sensitive...

Quarkus REST Endpoint Request Parameter Leakage Due to Shared Instance

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information...

CVE-2025-1247

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information...

CVE-2025-1247

CVE-2025-1247 affects Quarkus REST: a flaw where request parameters leak between concurrent requests when endpoints use field injection without a CDI scope. Root cause is shared per-request data in fields; attackers could manipulate data, impersonate users, or access sensitive information. Mitiga...

CVE-2024-52398

Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects CDI: from n/a through = 5.5.3...