18 matches found
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Path Traversal vulnerability due to github.com/gin-gonic/gin
Summary: github.com/gin-gonic/gin is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime-manager. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected Products| Versions ---|--- IBM watson...
CVE-2025-68871
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS. This issue affects Dooodl: from n/a through = 2.3.0...
PT-2026-3979
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Amuli amuli allows PHP Local File Inclusion. This issue affects Amuli: from n/a through = 2.3.0...
PT-2026-1311
Name of the Vulnerable Software and Affected Versions: muffon versions prior to 2.3.0 Description: muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a Remote Code Execution (RCE) issue. An attacker can exploit this by embedding a specially crafted muffon://...
CVE-2025-8696
The CVE-2025-8696 issue affects ISC Stork UI/server versions 1.0.0 through 2.3.0, where an unauthenticated client that sends large amounts of data can cause memory and disk usage problems on the Stork server. This is described consistently across multiple sources (NVD, RH, CVE listing, and Snyk) ...
Insertion of Sensitive Information into Log File
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when processing malformed data. An attacker can access sensitive information by submitting specially crafted malformed input that causes error messages to include confidential data in...
CVE-2025-27359
Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager wp-media-file-type-manager allows Cross Site Request Forgery. This issue affects WP Media File Type Manager: from n/a through = 2.3.2...
CVE-2025-48236 WordPress bunny.net plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.net bunny.net bunnycdn allows Stored XSS. This issue affects bunny.net: from n/a through <= 2.3.0...
PT-2024-30557 · Apollo · Apollo
Name of the Vulnerable Software and Affected Versions: Apollo versions prior to 2.3.0 Description: A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks, enabling them to modify a namespace without the necessar...
WordPress plugin WooCommerce One Page Checkout Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
PT-2024-5142 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.0 Description: The issue is related to the transmission of syslog traffic in clear text, which could allow an unauthenticated, remote attacker to capture sensitive information. This could potentially lead ...
Checkmk Security Vulnerability
Checkmk is an editor. A security vulnerability exists in Checkmk versions 2.0.0 through 2.3.0 that stems from the presence of a parameter injection vulnerability...
PT-2024-23944 · Woocommerce · Wholesale For Woocommerce
Name of the Vulnerable Software and Affected Versions: Wholesale For WooCommerce versions prior to 2.3.0 Description: A Missing Authorization issue affects the Wholesale For WooCommerce plugin. Recommendations: For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue...
PT-2024-14943 · WordPress · Debug Log Manager
Name of the Vulnerable Software and Affected Versions: Debug Log Manager WordPress plugin versions prior to 2.3.0 Description: A Directory listing issue was discovered, allowing unauthorized access to download the debug log and potentially gain access to sensitive data. Recommendations: For...
PT-2023-32539 · Unknown · Bowo Debug Log Manager
Name of the Vulnerable Software and Affected Versions: Bowo Debug Log Manager versions through 2.3.0 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not have...
GPAC Code Issue Vulnerability
GPAC is an open source multimedia framework. A code issue vulnerability exists in versions prior to GPAC 2.3.0-DEV that stems from the presence of a NULL pointer dereference...
@basket/get (>=1.1.0 <=1.2.2), @bitovi/incremental (>=1.0.0 <=1.0.2) +50 more potentially affected by CVE-2022-37257 via steal (>=0.12.9 <=2.3.0)
steal NPM version =0.12.9, =1.1.0, =1.0.0, =1.0.0, =0.0.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1-0, =0.3.0, =1.0.0, =0.4.0, =0.7.3 and more Source cves: CVE-2022-37257 Source advisory: OSV:GHSA-93Q5-3XPC-8VG3...
org.apache.portals.jetspeed-2:app-servers (>=2.1.3 <=2.1.4), org.apache.portals.jetspeed-2:jetspeed-archetype (>=2.2.1 <=2.3.0) +1 more potentially affected by CVE-2016-0709 via org.apache.portals.jetspeed-2:jetspeed (>=2.1.3 <=2.3.0)
org.apache.portals.jetspeed-2:jetspeed MAVEN version =2.1.3, =2.1.3, =2.2.1, =2.2.2, =2.3.0 Source cves: CVE-2016-0709 Source advisory: OSV:GHSA-W47P-5Q88-HJ5G...