15 matches found
CLEANSTART-2026-NT10973 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 2.1.1-r3, 2.1.1-r6, 2.1.1-r7
Multiple security vulnerabilities affect the spark-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-8995
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.4...
CVE-2020-23660
webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."...
CVE-2025-2243
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue...
WordPress Site Search 360 plugin <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Site Search 360 (versions <= 2.1.6)...
PT-2023-26797 · Zip Swift · Zip Swift
Name of the Vulnerable Software and Affected Versions: Zip Swift version 2.1.2 Description: The issue allows attackers to execute a path traversal attack via a crafted zip entry. This enables attackers to potentially access or modify files outside the intended directory, posing a security risk...
PT-2023-8903
Name of the Vulnerable Software and Affected Versions: Rack versions 2.0.0 through 2.0.9.1; Rack versions 2.1.0 through 2.1.4.1; Rack versions 2.2.0 through 2.2.4.0; Rack versions 3.0.0 through 3.0.0.0 Description: A denial of service vulnerability in the multipart parsing component of Rack could allo...
Pion DTLS Security Vulnerability
Pion DTLS is a Go-based implementation of the DTLS (Datagram Transport Layer Security) protocol. A security vulnerability exists in Pion DTLS versions prior to 2.1.4 that stems from an uncapped buffer for inbound network traffic. An attacker exploited the vulnerability to cause excessive memory usage...
PYSEC-2021-741
TensorFlow is an end-to-end open source platform for machine learning. The implementation of ParseAttrValue (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) can be tricked into stack overflow due to recursion...
Beijing Kundou Mubu Authorization Issue Vulnerability
Mubu is a platform for online writing from Mubu, a company based in Beijing, China. An authorization issue vulnerability exists in Mubu version 2.2.1, which stems from its failure to strictly limit user privileges and can be exploited by a local attacker to execute system commands...
CVE-2019-6266
Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2019-04442)
CloudBees Jenkins (formerly known as Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. An...
Hiroshi Yuki YukiWiki Denial of Service Vulnerability
Hiroshi Yuki YukiWiki is a Wiki engine. A security vulnerability exists in Hiroshi Yuki YukiWiki 2.1.3 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of service (significant consumption of CPU and memory resources)...
CVE-2018-0618
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2017-2332
An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment...