MGASA-2026-0170 Updated assimp packages fix security vulnerabilities

CVE-2025-2750,- A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to...

Updated assimp packages fix security vulnerabilities

CVE-2025-2750,- A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to...

JLSEC-2026-188

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product...

JLSEC-2026-190

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possibl...

OESA-2026-2057 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability classified as critic...

EUVD-2026-20421

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through = 5.4.3...

CVE-2026-39692

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a through = 5.4.3...

CVE-2026-39712

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through = 5.4.3...

WordPress plugin tagDiv Composer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

GHSA-3VFF-HJQV-M7H8 JupyterHub has an Open Redirect Vulnerability

Affected Version JupyterHub = 5.4.3 Impact An open redirect vulnerability in JupyterHub =5.4.3 allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrary attacker-controlled site outside JupyterHub instead of a...

OESA-2026-1215 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was found in Open...

CVE-2025-14448

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-11451

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aalajaxunitloading' RST API endpoint. This makes it possible for unauthenticated attackers to read the content...

CVE-2025-11451 Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aalajaxunitloading' RST API endpoint. This makes it possible for unauthenticated attackers to read the content...

CVE-2025-11451 Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aalajaxunitloading' RST API endpoint. This makes it possible for unauthenticated attackers to read the content...

WordPress WP-Members Membership Plugin plugin <= 3.5.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution via Profile Names vulnerability discovered by Kishan Vyas in WordPress Plugin WP-Members versions = 3.5.4.2...

PT-2025-35581

Name of the Vulnerable Software and Affected Versions: Beakon Application versions prior to 5.4.3 Description: An incorrect access control issue exists in Beakon Application. Authenticated attackers with low-level privileges can escalate their privileges and execute commands with Administrator...

Beakon Application 安全漏洞

Beakon Application is a software from Beakon Australia with features for managing workplace security, risk and compliance. A security vulnerability exists in Beakon Application versions prior to 5.4.3 that stems from improper access control and could result in elevated privileges...

CVE-2025-58194 WordPress Bold Page Builder Plugin <= 5.4.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through = 5.4.3...

Linux Distros Unpatched Vulnerability : CVE-2025-5166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile...