13 matches found
OPENSUSE-SU-2026:20658-1 Security update for himmelblau
This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b. Security issues fixed: - CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation bsc1261324. Other updates and bugfixes: - update aws-lc-sys to 0.39.0 for security fixes - updat...
CVE-2026-35056 XenForo Remote Code Execution via Authenticated Admin
XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server...
CVE-2025-64119 Nuvation Energy BMS Client-side Authentication
A vulnerability in Nuvation Battery Management System allows Authentication Bypass. This issue affects Battery Management System: through 2.3.9...
CVE-2025-64258
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data. This issue affects Follow My Blog Post: from n/a through = 2.3.9...
EUVD-2025-29651
Malicious code in bioql PyPI...
OneBlog Security Vulnerability
OneBlog is a beautiful and powerful Java blog by individual developer yadong.zhang. A security vulnerability exists in OneBlog version 2.3.9, which stems from a flaw in the /api/comment endpoint that could lead to a denial-of-service attack...
CVE-2023-0780
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev...
MongoDB Shell Injection Vulnerability
MongoDB Shell (mongosh) is an interactive database manipulation tool from the American company MongoDB. It is used to interact with the MongoDB database, execute commands and manipulate data. A security vulnerability exists in MongoDB Shell versions prior to 2.3.9 that stems from control character...
MongoDB Shell Security Vulnerability
MongoDB Shell (mongosh) is an interactive database manipulation tool from the American company MongoDB. It is used to interact with the MongoDB database, execute commands and manipulate data. A security vulnerability exists in MongoDB Shell versions prior to 2.3.9 that stems from control character...
CVE-2023-2339
creationtimestamp | type | source
---|---|---
2023-04-27 16:42:24+00:00 | seen | https://t.me/cibsecurity/62974...
Exponent CMS 'src' Parameter SQL Injection Vulnerability
Exponent CMS is a free, open source PHP-based modular content management system (CMS) of the U.S. OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. Exponent CMS version 2.3.9 suffers from a...
Exponent CMS 'version' Parameter SQL Injection Vulnerability
Exponent CMS is a free, open source PHP-based modular content management system (CMS) of the U.S. OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. Exponent CMS version 2.3.9 suffers from a...
CVE-2002-2392
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code...