16 matches found
EUVD-2026-34005
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...
CVE-2026-44547
ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...
CVE-2026-44547
CVE-2026-44547 affects ChurchCRM 7.2.0–7.2.2, where an incomplete fix for CVE-2026-4058 left the public login path exploitable. The hardening commit was merged but silently stripped from src/api/routes/public/public-user.php before any 7.2.x tag was cut, so all 7.2.x releases remain vulnerable. T...
EUVD-2026-29884
ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...
PT-2026-40463
ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...
CVE-2026-28222
Wagtail CVE-2026-28222 is a stored XSS affecting TableBlock in StreamField. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, an attacker with page creation/edit permissions could craft TableBlock class attributes that render arbitrary JavaScript when viewed by higher-privilege users. This is not...
CVE-2022-38733
OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component...
Security Bulletin: IBM Maximo Application Suite uses java 17.0.13, github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm, CVE-2025-21502 and CVE-2025-54410
Summary: IBM Maximo Application Suite uses java 17.0.13, github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm, CVE-2025-21502 and CVE-2025-54410. This bulletin contains information regarding the vulnerability and its fixture...
CVE-2025-47220
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2. The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...
PT-2025-46910
Name of the Vulnerable Software and Affected Versions: Keyfactor SignServer versions prior to 7.3.1 Description: Keyfactor SignServer has an issue with Incorrect Access Control. This allows for an authentication bypass. Recommendations: Update to version 7.3.1 or later...
PT-2025-46908
Name of the Vulnerable Software and Affected Versions: Keyfactor SignServer versions prior to 7.3.1 Description: Keyfactor SignServer has an issue with Incorrect Access Control. This allows for authentication bypass. Recommendations: Update to version 7.3.1 or later...
EUVD-2025-28023
Malicious code in bioql PyPI...
EUVD-2025-24462
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability (CWE-78) in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute...
CVE-2025-52237
An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal...
CVE-2023-52127
Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce. This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1...
PT-2023-27782 · Silicon · Silicon Labs Ember Znet Sdk
Name of the Vulnerable Software and Affected Versions: Silicon Labs Ember ZNet SDK versions 7.3.1 and earlier Description: The issue allows potential modification or extraction of network credentials stored in flash due to missing encryption of security keys in the Silicon Labs Ember ZNet SDK on...