EUVD-2025-210031

Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3...

@antv/g6 (>=4.1.0 <=4.1.16), @antv/g6-element (>=0.0.1 <=0.0.16) +10 more potentially affected by unknown CVE via @antv/g6-core (>=0.0.1 <=0.0.9)

@antv/g6-core NPM version =0.0.1, =4.1.0, =0.0.1, =0.0.1, =0.0.1, =1.3.0, =2.0.0, =2.0.6, =0.0.1, =0.0.1, =0.5.85-1, =2.0.64 - motif-jupyter =0.0.1-beta.5 - yccw-common =0.5.85 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3985...

ai.stapi:arango-axon (>=0.0.1 <=0.0.2), ai.stapi:arango-graph (>=0.0.1 <=0.0.2) +3010 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.4.0 <=4.4.9)

io.vertx:vertx-core MAVEN version =4.4.0, =0.0.1, =0.0.1, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =23.3.0, =23.3.0, =23.3.0, =23.9.1 and more Source cves: CVE-2026-6860 Source advisory: OSV:GHSA-3G76-F9XQ-8VP6...

ai.tock:bot-test (=26.3.1), ai.tock:bot-test-base (=26.3.1) +437 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=5.0.0.CR1 <=5.0.11)

io.vertx:vertx-core MAVEN version =5.0.0.CR1, =5.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on io.vertx:vertx-core and may be impacted: - ai.tock:bot-test =26.3.1 - ai.tock:bot-test-base =26.3.1 - ai.tock:bot-toolkit =26.3.1 -...

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.1), ai.h2o:h2o-algos (>=3.0.0.5 <=3.46.0.1) +44 more potentially affected by CVE-2026-3960 via ai.h2o:h2o-core (>=3.0.0.12 <=3.46.0.1)

ai.h2o:h2o-core MAVEN version =3.0.0.12, =3.34.0.1, =3.0.0.5, =3.0.0.5, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.1 and more Source cves: CVE-2026-3960 Source advisory: SNYK:JAVA-AIH2O-16417170...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-25917 via apache-airflow-core (>=3.0.0 <=3.1.8rc2)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-25917 Source advisory: OSV:GHSA-6FFJ-2WG2-W45J...

CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84...

@akago/akago_backend_commands (>=1.0.0 <=1.2.8), @djpfs/adonisjs-microservices (>=1.0.1 <=2.0.1) +50 more potentially affected by CVE-2026-40255 via @adonisjs/core (>=5.1.11 <=6.21.0)

@adonisjs/core NPM version =5.1.11, =1.0.0, =1.0.1, =1.0.0, =0.0.3, =1.0.0, =1.0.0, =1.0.3, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =1.0.3, =1.0.0, =1.0.0, =1.0.1 - @nhtio/adonis-maxmind =1.20260220.0 and more Source cves: CVE-2026-40255 Source advisory: OSV:GHSA-6QVV-PJ99-48QM...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-34538 via apache-airflow-core (>=3.0.0rc2 <=3.2.0b2)

apache-airflow-core PYPI version =3.0.0rc2, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0rc3, =1.6.0, =1.5.3, =1.25.0rc1, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-34538 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15954288...

CVE-2026-27049

Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through = 1.4.2...

CVE-2026-25460

Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through = 2.9.1...

CVE-2026-23514

Kiteworks is a private data network PDN. Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...

ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +445 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=3.2.0 <=3.5.6)

org.apache.spark:spark-core2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.14, =6.5.0, =1.3.3, =0.20, =0.2, =2.0.3, =1.1.3, =1.1.4 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...

ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +445 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=3.2.0 <=3.5.6)

org.apache.spark:spark-core2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.14, =6.5.0, =1.3.3, =0.20, =0.2, =2.0.3, =1.1.3, =1.1.4 and more Source cves: CVE-2025-54920 Source advisory: SNYK:JAVA-ORGAPACHESPARK-15623152...

com.azure.cosmos.spark:azure-cosmos-spark_4-0_2-13 (>=4.43.0 <=4.48.0), com.github.rumbledb:rumbledb (=2.0.0) +83 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=4.0.0-preview2 <=4.0.0)

org.apache.spark:spark-core2.13 MAVEN version =4.0.0-preview2, =4.43.0, =0.43.0-preview, =0.43.0-preview, =4.0.0-preview22.0.1, =0.0.3, =0.0.3, =7.0.1, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc7 and more Source cves: CVE-2025-54920 Source advisory: SNYK:JAVA-ORGAPACHESPARK-156231...

CVE-2026-27344

Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through = 1.0.5...

CVE-2025-69310

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Woodly Core woodly-core allows Blind SQL Injection.This issue affects Woodly Core: from n/a through = 1.4...

apache-airflow (>=3.1.0b1 <=3.1.7), apache-airflow-providers-common-compat (>=1.6.0rc1 <=1.7.3rc1) +14 more potentially affected by CVE-2026-22922 via apache-airflow-core (>=3.1.0b1 <=3.1.7)

apache-airflow-core PYPI version =3.1.0b1, =3.1.0b1, =1.6.0rc1, =1.5.3rc1, =1.26.0rc1, =2.0.2rc1, =0.4.0rc1, =1.1.0b1, =12.0.0, =7.0.0, =1.15.0, =0.34.0, =1.9.0, =1.37.0, =1.26.0, =1.26.18rc1 and more Source cves: CVE-2026-22922 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15267374...

ai.hyacinth.framework:core-service-jpa-support (>=0.5.2 <=0.5.21), ai.hyacinth.framework:core-service-trigger-server (>=0.5.2 <=0.5.21) +3479 more potentially affected by CVE-2026-0603 via org.hibernate:hibernate-core (>=5.0.0.Beta1 <=5.3.37.Final)

org.hibernate:hibernate-core MAVEN version =5.0.0.Beta1, =0.5.2, =0.5.2, =1.0.0, =1.0.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.6 and more Source cves: CVE-2026-0603 Source advisory: SNYK:JAVA-ORGHIBERNATE-15038759...

ai.mantik:ds_2.12 (>=0.3.0 <=0.3.1-rc2), ai.mantik:ds_2.13 (>=0.4.0 <=0.4.0-rc1) +1283 more potentially affected by CVE-2026-21452 via org.msgpack:msgpack-core (>=0.7.0-M6 <=0.9.10)

org.msgpack:msgpack-core MAVEN version =0.7.0-M6, =0.3.0, =0.4.0, =0.3.0, =0.4.0, =0.3.0, =0.4.0, =0.3.0, =0.4.0, =0.4.0, =0.3.0, =0.4.0, =0.3.0, =0.4.0, =0.3.0, =0.4.0, =0.4.0-rc1 and more Source cves: CVE-2026-21452 Source advisory: SNYK:JAVA-ORGMSGPACK-14857714...