49 matches found
arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1285 via django (>=6.0.0 <=6.0.1)
django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1285 Source advisory: SNYK:PYTHON-DJANGO-15199281...
EUVD-2025-201445
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a sequential ID without knowing the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...
CVE-2025-60837
MCMS v6.0.1 is affected by a reflected XSS vulnerability (CVE-2025-60837). The issue enables an attacker to execute arbitrary JavaScript in a user’s browser via a crafted payload. The CVE entry lists CVSS v3.1 base metrics: AV:N, AC:L, PR:N, UI:R, S:C, C:L, I:L, A:N, with a base score of 6.1 (Med...
CVE-2025-60837
A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload...
CVE-2025-60838
An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414365)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414365 advisory. drivers/usb/mon/monbin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory...
CVE-2025-57954
CVE-2025-57954 is a valid cross-site scripting vulnerability in Poll Maker (WordPress plugin) that is DOM-based/XSS. Connected docs confirm affected software and technical details: Poll Maker versions up to 6.0.2 are vulnerable to a Stored Cross-Site Scripting (Authenticated) via input handling d...
Linux Distros Unpatched Vulnerability : CVE-2017-0485
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated ...
CVE-2025-20092
Uncontrolled search path for some Clock Jitter Tool software before version 6.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2025-26512
SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a lack of validation of external SQL statements in the /WorkFlow/OfficeFileUpdate.aspx file. An attacker can exploit this vulnerability to execute illegal SQ...
PT-2024-11730 · Unknown · Geowebserver +1
Name of the Vulnerable Software and Affected Versions: GV-ASManager version 6.0.1.0 Description: The issue is related to a Local File Inclusion vulnerability in GeoWebServer via Path. This vulnerability is present in the specified version of GV-ASManager. Recommendations: For GV-ASManager version...
Weston Embedded uC-TCP-IP Security Vulnerability
Weston Embedded uC-TCP-IP is a TCP/IP stack for embedded systems from Weston Embedded. A security vulnerability exists in Weston Embedded uC-TCP-IP version v3.06.01 that stems from a denial of service vulnerability in the ICMP and ICMPv6 parsing functions...
Squid Resource Management Error Vulnerability
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A resource management error vulnerability exists in versions prior to Squid 6.0.1, which stems from the presence of a...
UBUNTU-CVE-2023-46728
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggeri...
PT-2023-8580 · Squid +10 · Squid +11
Name of the Vulnerable Software and Affected Versions: Squid versions prior to 6.0.1 Description: The issue is related to a NULL pointer dereference bug in Squid's Gopher gateway, making it vulnerable to a Denial of Service attack. The gopher protocol is always available and enabled in Squid prio...
PT-2023-14258 · Ibm · Ibm Sterling B2B Integrator Standard Edition
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.3.7 IBM Sterling B2B Integrator Standard Edition versions 6.1.0.0 through 6.1.2.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI,...
CVE-2022-30544
Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin = 6.0.1 versions...
PT-2022-35189 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.1 Description: A bug has been identified in the nilfs mdt destroy function, potentially leading to a use-after-free (UAF) or general protection fault (GPF) issue. The actual impact and attack plausibility have...