
51 matches found

OSV
added 2026/05/18 1:26 p.m. | 6 views

CLEANSTART-2026-NT10973 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 2.1.1-r3, 2.1.1-r6, 2.1.1-r7

Multiple security vulnerabilities affect the spark-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 10 | AI score 7 | EPSS 0.00054
Exploits 2 | References 39
EUVD
added 2026/05/07 3:51 a.m. | 4 views

EUVD-2026-28250

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterprise Support Only. Spring Cloud Config 4.1.x: affected from 4.1.0 throu...

CVSS 4.4 | AI score 5.8 | EPSS 0.00007
Exploits 0 | References 1
Vulnrichment
added 2026/05/05 10:58 a.m. | 4 views

CVE-2025-42611 Improper certificate validation in multiple RouterOS services

RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x 802.1X, among others. The vulnerability lies in shared certificate validation logic which uses th...

CVSS 6.5 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 1
CVE
added 2026/05/05 10:58 a.m. | 8 views

CVE-2025-42611

CVE-2025-42611 : RouterOS provides multiple services (OpenVPN, CAPsMAN, Dot1x) that rely on certificate verification using a system-wide trusted store. The vulnerability stems from shared certificate validation logic that uses this store, allowing any CA in the trust store to be trusted across co...

CVSS 6.5 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 1
Cvelist
added 2026/05/05 10:58 a.m. | 26 views

CVE-2025-42611 Improper certificate validation in multiple RouterOS services

RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x 802.1X, among others. The vulnerability lies in shared certificate validation logic which uses th...

CVSS 6.5 | EPSS 0.0001
Exploits 0 | References 1
CBLMariner
added 2026/05/03 8:52 p.m. | 2 views

CVE-2026-31444 affecting package kernel for versions less than 6.6.134.1-2

CVE-2026-31444 affecting package kernel for versions less than 6.6.134.1-2. An upgraded version of the package is available that resolves this issue...

CVSS 9.8 | AI score 5.8 | EPSS 0.00066
Exploits 0
Vulnrichment
added 2026/04/08 6:17 p.m. | 1 view

CVE-2026-34724 Zammad has a server-side template injection leading to RCE via AI Agent

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence typeenrichmentdata typically high-privilege...

CVSS 8.7 | AI score 5.9 | EPSS 0.00065
Exploits 0 | References 1
EUVD
added 2026/04/08 9:31 a.m. | 4 views

EUVD-2026-20284

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery. This issue affects Grand Blog: from n/a through <= 3.1...

AI score 5.9 | EPSS 0.00017
Exploits 0 | References 2
Patchstack
added 2026/03/10 10:28 a.m. | 3 views

WordPress Amfissa theme <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Amfissa versions <= 1.1...

CVSS 8.1 | AI score 5.8 | EPSS 0.00172
Exploits 0 | Affected Software 1
CNNVD
added 2026/02/03 12:0 a.m. | 4 views

ASUSTOR ADM security vulnerability

ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from the use of insecure HTTP connections in the...

CVSS 6.3 | AI score 7.1 | EPSS 0.00012
Exploits 0 | References 1
CNNVD
added 2026/01/14 12:0 a.m. | 1 view

Drupal Facebook Pixel security vulnerability

Drupal Facebook Pixel is an ad placement module for the Drupal community. A security vulnerability exists in Drupal Facebook Pixel versions 7.X-1.0 through 7.X-1.1, which stems from improper input neutralization during page generation and could lead to a stored cross-site scripting attack...

CVSS 4.8 | AI score 5.9 | EPSS 0.00062
Exploits 1 | References 3
ATTACKERKB
added 2025/11/25 5:48 p.m. | 1 view

CVE-2025-65084

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code...

CVSS 9.8 | AI score 6 | EPSS 0.00191
Exploits 0 | References 2
Apple
added 2025/11/13 12:0 a.m. | 12 views

About the security content of Compressor 4.11.1

About the security content of Compressor 4.11.1 This document describes the security content of Compressor 4.11.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases ar...

CVSS 8.8 | AI score 7.4 | EPSS 0.00062
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2025/10/23 10:1 p.m. | 2 views

CVE-2025-61934 AutomationDirect Productivity Suite Binding to an Unrestricted IP Address CWE-1327

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the...

CVSS 10 | AI score 6.9 | EPSS 0.00368
Exploits 0 | References 4
CNNVD
added 2025/08/22 12:0 a.m. | 2 views

Liferay Portal and Liferay DXP security vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 6.5 | AI score 6.6 | EPSS 0.0011
Exploits 0 | References 3
ATTACKERKB
added 2025/08/15 4:27 p.m. | 1 view

CVE-2025-8995

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.4...

CVSS 9.8 | AI score 5.8 | EPSS 0.00083
Exploits 0 | References 2
CNNVD
added 2025/06/21 12:0 a.m. | 4 views

Dnn.Platform information disclosure vulnerability

Dnn.Platform is an open source web content management platform CMS open sourced by Dnn Software. An information disclosure vulnerability exists in versions of Dnn.Platform prior to 10.0.1, which stems from a malicious interaction that exposes an NTLM hash, potentially leading to information...

CVSS 8.6 | AI score 8.7 | EPSS 0.29745
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 9:17 a.m. | 4 views

CVE-2024-30521

Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages. This issue affects Landingi Landing Pages: from n/a through 3.1.1...

CVSS 5.4 | AI score 8.6 | EPSS 0.00115
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 3:20 p.m. | 5 views

CVE-2020-23660

webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."...

CVSS 5.4 | AI score 6.2 | EPSS 0.00206
Exploits 1
Patchstack
added 2025/04/07 6:38 p.m. | 4 views

WordPress Streamit plugin <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by István Márton in WordPress Theme Streamit versions <= 4.0.1...

CVSS 8.8 | AI score 7 | EPSS 0.01235
Exploits 0 | References 1 | Affected Software 1