Lucene search

11 matches found

OSV
added 2026/05/18 1:28 p.m., 4 views

CLEANSTART-2026-UO66475 Security fixes for CVE-2026-42304, CVE-2026-44307, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 5.4.6-r0

Multiple security vulnerabilities affect the py3-jupyterhub package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 8.7 | AI score 5.8 | EPSS 0.00287
Exploits: 2 | References: 7
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-28169

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00143
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/08 12:0 a.m., 1 views

PT-2025-36643

NeuVector admin account has insecure default password in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

AI score 6.9
Exploits: 0 | References: 2
Snyk
added 2025/08/28 1:33 p.m., 1 views

Use of Default Credentials

Overview Affected versions of this package are vulnerable to Use of Default Credentials for the admin account. An attacker can gain full administrative access by using the default credentials if the password is not changed after deployment. Workaround This vulnerability can be mitigated by loggin...

CVSS 9.8 | AI score 7.2 | EPSS 0.00098
Exploits: 0 | References: 2
Snyk
added 2025/08/28 1:33 p.m., 1 views

Use of Default Credentials

Overview Affected versions of this package are vulnerable to Use of Default Credentials for the admin account. An attacker can gain full administrative access by using the default credentials if the password is not changed after deployment. Workaround This vulnerability can be mitigated by loggin...

CVSS 9.8 | AI score 7.2 | EPSS 0.00098
Exploits: 0 | References: 2
Snyk
added 2025/08/28 1:33 p.m., 1 views

Use of Password Hash With Insufficient Computational Effort

Overview Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of a simple, unsalted hash for storing user passwords and API keys. An attacker can obtain sensitive information by performing offline rainbow table attacks...

CVSS 6.9 | AI score 6.5 | EPSS 0.00035
Exploits: 0 | References: 3
Positive Technologies
added 2025/08/28 12:0 a.m., 2 views

PT-2025-35116

Name of the Vulnerable Software and Affected Versions NeuVector versions prior to 5.4.6 Description NeuVector versions up to and including 5.4.5 use a hardcoded password for the built-in admin account. If this password is not changed after deployment, attackers with network access within the...

CVSS 9.9 | AI score 6.7 | EPSS 0.50933
Exploits: 20 | References: 52
Patchstack
added 2024/11/08 10:56 p.m., 2 views

WordPress Poll Maker plugin <= 5.4.6 - Authenticated (Administrator+) Time-Based SQL Injection vulnerability

Authenticated Administrator+ Time-Based SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin Poll Maker versions <= 5.4.6...

CVSS 7.2 | AI score 8.1 | EPSS 0.01074
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2024/10/01 9:15 a.m., 1 views

CVE-2024-9265

The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can be set during registration through the echocheckpostheadersent function. This makes it possib...

CVSS 9.8 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 2
Patchstack
added 2024/04/17 3:19 a.m., 3 views

WordPress Customer Reviews for WooCommerce plugin <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search vulnerability

Missing Authorization to Authenticated Subscriber+ Coupon Search vulnerability discovered by Thura Moe Myint mgthuramoemyint in WordPress Plugin Customer Reviews for WooCommerce versions <= 5.46.0...

CVSS 4.3 | AI score 7 | EPSS 0.00278
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2020/08/17 5:15 p.m., 0 views

AZL-41149 CVE-2020-24370 affecting package lua for versions less than 5.4.6-1

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31)...

CVSS 5.3 | AI score 6.5 | EPSS 0.02019
Exploits: 1 | References: 1