32 matches found
EUVD-2026-39361
Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions...
CVE-2026-50011
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...
EUVD-2026-36432
Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSlice(header.readerIndex(), length) and only then...
MiracleLinux 8 : ruby:3.3 (AXSA:2026-769:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-769:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass (CVE-2026-41316). Tenable has extracted the preceding description block directly from the...
CVE-2026-24993
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting (webd-woocommerce-advanced-reporting-statistics) allows Blind SQL Injection. This issue affects Advanced WooCommerce Product Sales Reporting: fro...
CVE-2026-26002
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
CVE-2026-26002
CVE-2026-26002 affects the Open OnDemand Files application. Versions prior to 4.0.9 and 4.1.3 are susceptible to malicious input when navigating to a directory. This issue has been patched in 4.0.9 and 4.1.3; versions below these remain vulnerable. Remediation: upgrade to 4.0.9 or 4.1.3 or later ...
CVE-2026-26002 OnDemand susceptible to malicious input when navigating to a directory.
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
CVE-2025-14880
CVE-2025-14880 concerns the Netcash WooCommerce Payment Gateway plugin for WordPress. The vulnerability arises from a missing capability check in the handle_return_url function, present in all versions up to and including 4.1.3, enabling unauthenticated attackers to modify data and mark WooCommer...
EUVD-2025-203556
Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge (kerge) allows Server Side Request Forgery. This issue affects Kerge: from n/a through <= 4.1.3...
EUVD-2025-203498
The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /dokan/v1/wholesale/register REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve...
CVE-2025-62980 WordPress Persian Admnin Fonts plugin <= 4.1.03 - Broken Access Control vulnerability
Missing Authorization vulnerability in MDZ Persian Admnin Fonts (persian-admin-fonts) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03...
CVE-2025-55673
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
PT-2025-33272 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 4.1.3 Description: A guest user accessing a chart in Apache Superset receives an API response from the /chart/data endpoint that includes a query field. This field improperly discloses database schema...
Dreamer CMS Security Vulnerability
Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS 4.1.3 and earlier versions, which stems from improper authorization due to misuse of the parameter ID in the file /admin/attachment/download...
CVE-2024-54129 Improper Initialization of `imc` Scheme Leading to `SIGABRT` in ION-DTN BPv7
NASA's Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability exists in the ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the imc scheme with valid Service-Specific Part (SSP)...
LG SuperSign CMS Cross-Site Scripting Vulnerability
LG SuperSign CMS is a content management software solution optimized for LG webOS signage, from LG of Korea. A cross-site scripting vulnerability exists in LG SuperSign CMS versions 4.1.3 through 4.3.1, which stems from improper input neutralization during web page generation, resulting in...
Dreamer CMS Security Vulnerability
Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version 4.1.3, which stems from a cross-site request forgery (CSRF) vulnerability in component /admin/task/run...
Dreamer CMS Security Vulnerability
Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version 4.1.3, which stems from a cross-site request forgery (CSRF) vulnerability. The vulnerability can be exploited by an attacker to delete a theme...
Dreamer CMS Cross-Site Request Forgery Vulnerability
Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version v4.1.3. An attacker can exploit this vulnerability to conduct cross-site request forgery (CSRF) attacks via the component /admin/variable/delet...