20 matches found
JLSEC-2026-378
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...
CVE-2026-40096
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...
EUVD-2026-22816
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...
CVE-2026-40096
Immich (self-hosted photo/video manager) contains an open redirect in rendering via the shared album name in API code (api.service.ts) affecting versions prior to 2.7.3. An attacker can craft a shared album name that injects a URL into a meta refresh, causing a victim opening the shared link to ...
EUVD-2026-16271
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...
CVE-2025-68031
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS. This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through <= 2.7.3...
CVE-2025-66382
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...
CVE-2025-58464
Summary: CVE-2025-58464 affects QuMagie with a relative path traversal vulnerability. Multiple sources (NVD, Red Hat, ENISA EUVD) describe a flaw that could allow a remote attacker to read contents of unexpected files or system data. Affected software: QuMagie (prior to version 2.7.3). Vulnerabil...
PT-2025-45436
Name of the Vulnerable Software and Affected Versions: QuMagie versions prior to 2.7.3 Description: A relative path traversal issue exists in QuMagie. A remote attacker may be able to read the contents of unexpected files or system data by exploiting this issue. Recommendations: Update to QuMagie...
CVE-2025-58809
CVE-2025-58809 affects the WordPress plugin “To Lead For Salesforce.” The vulnerability is a Cross-Site Request Forgery (CSRF) vulnerability that can also enable a reflected XSS. Affected versions are listed as n/a through 2.7.3.9. Remediation per sources is to update to a version later than 2.7....
WordPress WP Abstracts plugin <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Account Deletion vulnerability discovered by SOPROBRO in WordPress Plugin WP Abstracts versions <= 2.7.3...
PT-2024-30876
Name of the Vulnerable Software and Affected Versions: Catch Themes Full frame versions 2.7.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). Specifically, it is a Stored XSS vulnerability. This...
OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
PT-2024-21786 · Ibm · Vios +1
Name of the Vulnerable Software and Affected Versions: IBM AIX versions 7.2 through 7.3 VIOS versions 3.1 through 4.1 Description: The Unix domain datagram socket implementation in IBM AIX could potentially expose applications using Unix domain datagram sockets with the SO_PEERID operation, which...
SUSE CVE-2020-36382
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service...
GHSA-J3CH-VJPH-8Q6V Command injection in Alluxio
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability...
CVE-2022-0273
creationtimestamp | type | source
---|---|---
2022-01-30 16:23:55+00:00 | seen | https://t.me/cibsecurity/36567...
OpenVPN code issue vulnerability
OpenVPN is a software package from the US-based company OpenVPN for creating virtual private network (VPN) encrypted tunnels. It uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using a public key, an e-certificate, or a...
VulnCheck KEV: CVE-2017-15718
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications...
DEBIAN-CVE-2015-1395
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name...