16 matches found
CVE-2026-44380
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...
CVE-2026-34537
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...
ROOT-OS-DEBIAN-12-CVE-2025-5372 CVE-2025-5372 in rootio-libssh - Patched by Root
Root has patched CVE-2025-5372 in the rootio-libssh package for Root:Debian:12. Multiple fixed versions available...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004331)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004331 advisory. In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka...
CVE-2025-1029
Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable. This issue affects SoliClub: from 5.2.4 before 5.3.7...
CVE-2025-1031
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7...
CVE-2025-1031
CVE-2025-1031 describes an Authorization Bypass Through User-Controlled Key in Utarit Informatics Services Inc. SoliClub, enabling Functionality Misuse. Multiple sources (NVD, Red Hat, the CVE list, etc.) agree that SoliClub versions prior to 5.3.7 are affected (from 5.2.4 before 5.3.7). The precis...
CVE-2025-1030 Sensitive Data Exposure in Utarit Informatics' SoliClub
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4 before 5.3.7...
CVE-2025-9542 AutomatorWP <= 5.3.7 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to, and including, 5.3.7...
CVE-2025-37902
CVE-2025-37902 entry is rejected/not used and does not represent an active vulnerability.
WordPress WooCommerce Multilingual & Multicurrency with WPML plugin <= 5.3.7 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WooCommerce Multilingual & Multicurrency versions <= 5.3.7...
CVE-2023-1874
The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiplerolesupdate function. This makes it possible for authenticated attackers, with minimal permissions such as a...
CVE-2022-2537
creationtimestamp | type | source
---|---|---
2022-08-29 22:34:19+00:00 | seen | https://t.me/cibsecurity/48996...
PT-2021-3400 · Unknown · Spring Framework
Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.2.x prior to 5.2.15; Spring Framework versions 5.3.x prior to 5.3.7. Description: The issue is caused by privilege management errors in the Spring Framework platform. Exploitation of this issue may allow an attacker ...
CVE-2017-8942
The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
DEBIAN-CVE-2011-4078
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to...