Lucene search

6699 matches found

CNNVD
added 2026/02/25 12:0 a.m., 3 views

OpenEMR SQL injection vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained a SQL injection...

CVSS 8.8, AI score 6.8, EPSS 0.00779
Exploits 1, References 2

Positive Technologies
added 2026/02/25 12:0 a.m., 5 views

PT-2026-21888

Name of the Vulnerable Software and Affected Versions: Advanced Woo Labels versions prior to 2.3. Description: The Advanced Woo Labels plugin for WordPress is susceptible to Remote Code Execution due to the use of call_user_func_array with user-controlled callback and parameters in the get select...

CVSS 8.8, AI score 6.3, EPSS 0.00553
Exploits 0, References 12

CNNVD
added 2026/02/25 12:0 a.m., 5 views

tfplan2md security vulnerability

tfplan2md is a Markdown document generation tool developed by Mathias Raacke. Versions of tfplan2md prior to 1.26.1 contained security vulnerabilities; these vulnerabilities stemmed from defects in multiple rendering paths, which could lead to the exposure of sensitive values...

CVSS 8.5, AI score 5.8, EPSS 0.00296
Exploits 0, References 2

OSV
added 2026/02/24 3:14 p.m., 3 views

SUSE-SU-2026:0613-1 Security update for python310

This update for python310 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

CVSS 6, AI score 5.6, EPSS 0.0055
Exploits 0, References 13

SUSE Linux
added 2026/02/24 3:14 p.m., 5 views

Security update for python36

This update for python36 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

CVSS 8.7, AI score 5.5, EPSS 0.0055
Exploits 0, References 24

OSV
added 2026/02/24 12:31 p.m., 3 views

GHSA-8R55-RV5W-6PFM Apache Airflow exposes sensitive information in its log files

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

CVSS 6.5, AI score 5.8, EPSS 0.00363
Exploits 0, References 4

Github Security Blog
added 2026/02/24 12:31 p.m., 8 views

Apache Airflow exposes sensitive information in its log files

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

CVSS 6.5, AI score 5.3, EPSS 0.00363
Exploits 0, References 4, Affected Software 1

NVD
added 2026/02/24 10:16 a.m., 8 views

CVE-2025-27555

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

CVSS 6.5, EPSS 0.00363
Exploits 0, References 2

OSV
added 2026/02/24 10:16 a.m., 4 views

CVE-2025-27555

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

CVSS 6.5, AI score 5.9
Exploits 0, References 2

Cvelist
added 2026/02/24 10:9 a.m., 21 views

CVE-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

EPSS 0.00363
Exploits 0, References 2

CVE
added 2026/02/24 10:9 a.m., 12 views

CVE-2025-27555

CVE-2025-27555 concerns Apache Airflow prior to 2.11.1 where authenticated users with audit log access can see sensitive connection parameters logged by the system when set via the airflow CLI. The underlying issue is that these sensitive values were stored unencrypted in the Airflow database and...

CVSS 6.5, AI score 5.3, EPSS 0.00363
Exploits 0, References 2, Affected Software 1

EUVD
added 2026/02/24 10:9 a.m., 4 views

EUVD-2025-207547

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

CVSS 6.5, AI score 5.4, EPSS 0.01201
Exploits 0, References 2

Cvelist
added 2026/02/24 2:23 a.m., 19 views

CVE-2026-26331 yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option

yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's `--netrc-cmd` command-line option or `netrc_cmd` Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...

CVSS 8.8, EPSS 0.01596
Exploits 2, References 3

EUVD
added 2026/02/24 2:23 a.m., 5 views

EUVD-2026-7408

yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's `--netrc-cmd` command-line option or `netrc_cmd` Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...

CVSS 8.8, AI score 5.7, EPSS 0.01596
Exploits 2, References 3

Snyk
added 2026/02/24 1:30 a.m., 4 views

Stack-based Buffer Overflow

Overview: Magick.NET-Q16-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 9.8, AI score 5.6, EPSS 0.00272
Exploits 0, References 2

Snyk
added 2026/02/24 1:30 a.m., 3 views

Stack-based Buffer Overflow

Overview: Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

CVSS 9.8, AI score 5.6, EPSS 0.00272
Exploits 0, References 2

SUSE CVE
added 2026/02/24 12:24 a.m., 1 view

SUSE CVE-2026-27025

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

CVSS 5.5, AI score 5.7, EPSS 0.00168
Exploits 0, References 3

Redos
added 2026/02/24 12:0 a.m., 6 views

ROS-20260224-73-0016

Vulnerability in moodle related to lack of element neutralization in csv file. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 7.8, AI score 6.1, EPSS 0.00251
Exploits 0

RedhatCVE
added 2026/02/23 1:32 p.m., 4 views

CVE-2025-65995

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

CVSS 6.5, AI score 5.2, EPSS 0.00801
Exploits 0, References 1

Patchstack
added 2026/02/23 10:18 a.m., 4 views

WordPress Simple Membership plugin <= 4.7.0 - Unauthenticated Improper Handling of Missing Values vulnerability

Unauthenticated Improper Handling of Missing Values vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin Simple Membership versions <= 4.7.0...

CVSS 6.5, AI score 5.4, EPSS 0.00227
Exploits 0, References 1, Affected Software 1