50 matches found
CVE-2026-8980
The CVE-2026-8980 entry concerns the Mennekes Amtron series with firmware versions ≤ 5.22.3. Affected component: firmware handling privilege levels. The vulnerability allows an authenticated low-privileged user to escalate privileges by issuing crafted POST requests to change passwords for admin ...
Astra Linux - vulnerability in golang-github-golang-jwt-jwt
golang-jwt is a Go implementation of JSON Web Tokens. Starting from version 3.2.0 and before versions 5.2.2 and 4.5.2, the parse.ParseUnverified function splits its argument which contains untrusted data using periods. As a result, in the case of a malicious request where the Authorization header...
CVE-2026-40491 gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall
gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...
CVE-2026-40491
CVE-2026-40491 affects the gdown library (Python) prior to 5.2.2. A path traversal flaw in the extractall function fails to sanitize archive member filenames, allowing files to be written outside the destination directory and potentially enabling arbitrary file overwrite and Remote Code Execution...
GHSA-677C-XV24-CRGX baserCMS is Vulnerable to Cross-site Scripting
baserCMS has DOM-based cross-site scripting in tag creation. Target: baserCMS 5.2.2 and earlier versions. Vulnerability: Malicious JavaScript may be executed when creating a tag. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page to reference for more...
GHSA-6HPG-8RX3-CWGV baserCMS has OS command injection vulnerability in installer
baserCMS has an OS command injection vulnerability in the installer. Target: baserCMS 5.2.2 and earlier versions. Vulnerability: If baserCMS is placed on a server but not installed, malicious commands may be executed. Countermeasures: Update to the latest version of baserCMS. Please refer to the...
baserCMS has OS command injection vulnerability in installer
baserCMS has an OS command injection vulnerability in the installer. Target: baserCMS 5.2.2 and earlier versions. Vulnerability: If baserCMS is placed on a server but not installed, malicious commands may be executed. Countermeasures: Update to the latest version of baserCMS. Please refer to the...
EUVD-2026-12914
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size...
CVE-2026-26740
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size...
chi security vulnerability
Chi is a routing tool developed by Go-Chi. Versions of Chi 5.2.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the RedirectSlashes function, which had an open redirection feature, potentially redirecting victim users to malicious websites...
CVE-2026-1843 Super Page Cache <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Activity Log
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
PT-2026-8100
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary: Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2025-64756 DESCRIPTION: Glob matches files...
Security Bulletin: Vulnerabilities in uptrace pgdriver affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary: Potential vulnerability in uptrace pgdriver has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-44906 DESCRIPTION:...
Security Bulletin: IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data vulnerable to Deserialization of Untrusted Data due to jackson-core
Summary: jackson-core is used by IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data in the repo huts-common. Vulnerability Details: WSID: WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service (DoS) attack. The methods in the classes listed below fail to...
CVE-2025-68071
CVE-2025-68071 describes an Insecure Direct Object Reference (IDOR) in the WordPress plugin “Essential Real Estate” (vendor: g5theme, affected: Essential Real Estate
CVE-2025-66127
CVE-2025-66127 concerns a Missing Authorization (broken access control) vulnerability in the WordPress plugin Essential Real Estate (g5theme Essential Real Estate) affecting versions up to 5.2.2. Affected software is the Essential Real Estate WordPress plugin; root cause is incorrectly configured...
WordPress Essential Real Estate plugin <= 5.2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Essential Real Estate versions <= 5.2.6...
WordPress Essential Real Estate plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by daroo in WordPress Plugin Essential Real Estate versions <= 5.2.6...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in Apache Tomcat [CVE-2025-48989]
Summary: IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in Apache Tomcat, due to a vulnerability to the 'made you reset attack' CVE-2025-48989. Apache Tomcat is used in our speech microservices. This vulnerability has been addressed. Please read the...