CVE-2026-39852 Quarkus authorization bypass via semicolon path normalization inconsistency
Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP...
aiohttp injection vulnerability
Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 had an injection vulnerability. This vulnerability stemmed from the possibility that attackers could control the reason...
AZL-79257 CVE-2026-3381 affecting package openjpeg2 2.3.1-12
Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. These include fixes for...
PT-2025-28746 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier Description: The issue is related to an Improper Restriction of XML External Entity Reference 'XXE' that could result in a security feature bypass. A high-privileged attacker could...
PT-2025-14433 · WordPress · Wp Autokeyword
Name of the Vulnerable Software and Affected Versions: WP AutoKeyword versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, which allows attackers to inject malicious SQL commands. This is due to the improper neutralization of special elements used in an SQ...
WordPress plugin Mags security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
yard security vulnerability
yard is a documentation generation tool for the Ruby programming language. A security vulnerability exists in versions prior to yard 0.9.35, which stems from insufficient sanitization of user input and makes it susceptible to cross-site scripting (XSS) attacks...
Cross site scripting
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer...
GitLab security vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab CE/EE, which stems from a regular...
com.groupon.sparklint:sparklint-spark160_2.10 (>=1.0.4 <=1.0.12), com.groupon.sparklint:sparklint-spark161_2.10 (>=1.0.4 <=1.0.12) +21 more potentially affected by CVE-2021-41084 via org.http4s:http4s-server_2.10 (>=0.10.0 <=0.16.6a)
org.http4s:http4s-server2.10 MAVEN version =0.10.0, =1.0.4, =1.0.4, =1.0.4, =1.0.4, =1.0.4, =1.0.4, =1.0.4, =1.0.5, =1.0.8, =1.0.9, =1.0.9, =1.0.9, =1.0.0, =2.2.0, =2.2.0, =2.2.5 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
CVE-2020-27723
CVE-2020-27723 affects BIG-IP APM: a PingAccess request on a BIG-IP APM virtual server may trigger a restart of the Traffic Management Microkernel (TMM), disrupting traffic processing and causing a failover in HA. Affected versions include 14.1.0–14.1.3 and 13.1.0–13.1.3.4. Remediation per F5 adv...
Cross-site Scripting (XSS)
Overview: xapian-core provides Xapian libraries and Ruby bindings. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escapi...
Samba 2.2.x - 'call_trans2open' Remote Buffer Overflow (3)
// source: https://www.securityfocus.com/bid/7294/info A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt...