29 matches found
PT-2026-30816
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.2.0 EOL, 2.3.0 through 2.3.0p45, 2.4.0 through 2.4.0p24, and 2.5.0 beta through 2.5.0b2. Description: Insufficient sanitization of dashboard dashlet title links allows an attacker with dashboard creation privileges to perform...
GO-2026-4647 x402 SDK Security Advisory in github.com/coinbase/x402/go
x402 SDK Security Advisory in github.com/coinbase/x402/go. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to...
CVE-2026-28081 WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion. This issue affects Windsor: from n/a through <= 2.5.0...
PT-2026-23358
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion. This issue affects Windsor: from n/a through <= 2.5.0...
Serendipity 2.5.0 PHP Code Injection
Serendipity version 2.5.0 proof of concept PHP code injection exploit. Title: Serendipity 2.5.0 PHP Code Injection Vulnerability | Author: indoushka ...
WordPress plugin eHive Search security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CLSA-2026-1767798754 expat: Fix of 3 CVEs
Rebase to version 2.5.0 - CVE-2024-28757: prevent billion laughs attacks in isolated external parser part of 839, reject direct parameter entity recursion part of 839 - CVE-2025-59375: fix memory amplification and add allocation tracker - CVE-2013-0340: properly handle entities expansion...
CVE-2025-68617 Use after free in fluidsynth
FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed...
PT-2025-38628
Name of the Vulnerable Software and Affected Versions: ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress versions prior to 2.5.1. Description: The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link...
OESA-2025-1958 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in ...
Dicoogle PACS Web Server security vulnerability
Dicoogle PACS Web Server is a medical image archiving and communication system server from Dicoogle Open Source. A security vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and earlier, which stems from a path traversal flaw that could lead to reading arbitrary files...
CVE-2025-31636 WordPress WP Post Modules for Elementor plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaurabhSharma WP Post Modules for Elementor wp-post-modules-el allows Reflected XSS. This issue affects WP Post Modules for Elementor: from n/a through <= 2.5.0...
CVE-2024-38720
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EazyDocs eazydocs allows Stored XSS. This issue affects EazyDocs: from n/a through 2.5.0...
GHSA-P34J-R3CH-C985 Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...
WordPress Simple Google Calendar Outlook Events Block Widget plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis (Patchstack Alliance) in WordPress Plugin Simple Google Calendar Outlook Events Block Widget (versions <= 2.5.0)...
Grafana Security Vulnerabilities
Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana has a security vulnerability that stems from a security flaw in the PUT /api/user handler...
PaddlePaddle resource management error vulnerability
PaddlePaddle is an independently developed deep learning platform open-sourced by China's PaddlePaddle. A security vulnerability exists in PaddlePaddle versions prior to 2.5.0, which stems from a use-after-free vulnerability. An attacker could use this vulnerability to perform unauthorized operations or...
WordPress Plugin Jupiter X Core path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exis...
SUSE CVE-2021-29543
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.CTCGreedyDecoder. This is because the...
SUSE CVE-2021-29611
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...