5 matches found
CVE-2026-43948
Summary (CVE-2026-43948 / GHSA-mhc8-p3jx-84mm): In wger, password reset and gym-permissions edits allow a user with gym.manage_gym and gym=None to reset another gym=None user’s password and receive the plaintext password in the HTML response. Root cause: Django ORM object comparison (request.user...
EUVD-2026-18756
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
CVE-2025-67539
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Select Core select-core allows DOM-Based XSS. This issue affects Select Core: from n/a through 2.6...
CVE-2010-10013
An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By...
iRedAdmin security vulnerability
iRedAdmin is a free open source mail server solution from iRedAdmin Open Source. A security vulnerability exists in iRedAdmin prior to version 2.6 that stems from the ordername parameter containing a cross-site scripting vulnerability...