CLEANSTART-2026-AK18460 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4
Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...
CVE-2026-40107
Summary: SiYuan before 3.6.4 configures Mermaid.js with securityLevel: loose and htmlLabels: true, allowing tags to survive DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary sanitization. When a user opens a note containing a malicious Mermaid diagram, the El...
CLEANSTART-2026-LR09759 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4
Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...
OpenSIPS SQL injection vulnerability
OpenSIPS is a SIP server implementation licensed under the GPL for individual OpenSIPS developers. Versions of OpenSIPS prior to 3.6.4 contained a SQL injection vulnerability. This vulnerability stems from the jwt_db_authorize function in the auth_jwt module, which allows for SQL injections,...
CVE-2025-14472 Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery. This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3...
TencentOS Server 4: mbedtls (TSSA-2025:0533)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0533 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
UBUNTU-CVE-2025-59438
Mbed TLS through 3.6.4 has an Observable Timing Discrepancy...
CVE-2025-59438
CVE-2025-59438 affects Mbed TLS up to version 3.6.4, describing an observable timing discrepancy in the library. Multiple connected advisories indicate the issue is addressed by upgrading to 3.6.5 (e.g., Fedora 43/Fedora 43 backports, openSUSE SUSE advisories), with references noting the fix as p...
CVE-2025-59438
Mbed TLS through 3.6.4 has an Observable Timing Discrepancy...
CVE-2025-58648 WordPress Simple JWT Login plugin <= 3.6.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicu Micle Simple JWT Login (simple-jwt-login) allows Stored XSS. This issue affects Simple JWT Login: from n/a through 3.6.4...
CVE-2023-36480
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them...
CVE-2023-35764
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting...
PT-2024-12480 · Unknown · Survey Maker
Name of the Vulnerable Software and Affected Versions: Survey Maker versions prior to 3.6.4 Description: The issue is a stored cross-site scripting vulnerability. If exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product wi...
WordPress Plugin Play.ht security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2023-3640 Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions are used for the per-cpu entry area mapping to the user space
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...
CVE-2022-28364
| creationtimestamp | type | source |
|---|---|---|
| 2022-04-09 20:14:19+00:00 | seen | https://t.me/cibsecurity/40430... |
CVE-2021-3642
| creationtimestamp | type | source |
|---|---|---|
| 2021-08-06 00:31:46+00:00 | seen | https://t.me/cibsecurity/26904... |
DEBIAN-CVE-2019-1010228
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress file dcrledec.h, line 122. The attack vector is: Many scenarios of DICOM file processing e.g. DICOM to image...
Python 'Wave_read._read_fmt_chunk' function denial of service vulnerability
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in the 'Wave_read._read_fmt_chunk' function in the Lib/wave.py file in Python...
2021-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for ARM64 (KB5006364)
2021-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for ARM64 KB5006364...