Astra Linux – Vulnerability in libcommons-net-java

Prior to Apache Commons Net 3.9.0, Net’s FTP client trusted the host based on the PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user had to connect to the malicious server in the first place. This could result in the leakage of...

EUVD-2026-37713

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

CVE-2026-42651

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

CVE-2026-48714 i18next-http-middleware missingKeyHandler does not reject keys whose segments contain prototype-polluting names

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys proto, constructor, and prototype added in 3.9.3, see GHSA-5fgg-jcpf-8jjw, but did not...

EUVD-2026-36819

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

CVE-2026-42651 WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

PT-2026-49445

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

CVE-2026-48303 Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)

Adobe Campaign Classic ACC versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

EulerOS 2.0 SP11 : glibc (EulerOS-SA-2026-2243)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or...

EUVD-2026-32959

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

CVE-2026-3897

The CVE-2026-3897 entry describes a Stored XSS in the Livemesh Addons for Beaver Builder WordPress plugin, via the labb_admin_ajax action. Affected versions are all up to 3.9.2. Root cause is missing authorization checks despite nonce verification, enabling authenticated Subscriber+ users to modi...

EUVD-2026-31986

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...

RHSA-2026:19570 Red Hat Security Advisory: python3.9 security update

Bulletin has no description...

RHSA-2026:19571 Red Hat Security Advisory: python3.9 security update

Bulletin has no description...

RHSA-2026:18693 Red Hat Security Advisory: python3.9 security update

Bulletin has no description...

PT-2026-42168

Name of the Vulnerable Software and Affected Versions Twig versions 2.16.x Twig versions 3.9.0 through 3.25.x Description A sandbox bypass exists when using a SourcePolicyInterface. This occurs because a runtime check fails to use the current template source, allowing attackers with template...

Important: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

RHEL 9 : python3.9 (RHSA-2026:18693)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18693 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

[SECURITY] [DLA 4583-1] python3.9 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4583-1 [email protected] https://www.debian.org/lts/security/ Arnaud Rebillout May 15, 2026 https://wiki.debian.org/LTS -...

Debian dla-4583 : idle-python3.9 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4583 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4583-1 [email protected]...