GHSA-X5HG-X4GV-J98M OpenSearch has ineffective TLS certificate hostname verification

Description A regression was introduced in OpenSearch 2.18.0 that caused the plugins.security.ssl.transport.enforcehostnameverification setting to be ineffective. When this setting was enabled, OpenSearch did not verify that the hostname in a connecting node's TLS certificate matched the hostname...

PT-2026-41472

Name of the Vulnerable Software and Affected Versions OpenSearch versions prior to 2.19.4 OpenSearch versions prior to 3.2.0 Description A flaw in the OpenSearch Security plugin occurs during the handling of index rollover requests. When a request includes an explicit target index name, the...

Security Bulletin: Due to use of jackson-core-2.19.4.jar, IBM Sterling Connect:Direct Web Services is affected by Denial of Service (DoS) issue.

Summary jackson-core-2.19.4.jar is used by IBM Sterling Connect:Direct Web Services WS-2026-0003. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters defined in StreamReadConstraints...

CVE-2025-49962 WordPress bbPress Notify plugin <= 2.19.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through = 2.19.5...

CVE-2025-49962

The CVE-2025-49962 entry concerns the WordPress bbPress Notify plugin (bbpress-notify-nospam) with a Reflected XSS vulnerability due to improper handling/escaping of user-supplied data when generating web pages. Affected versions include bbPress Notify up to 2.19.4 (and related references indicat...

PT-2025-43223

Name of the Vulnerable Software and Affected Versions bbPress Notify versions through 2.19.4 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting XSS condition. This issue exists in t...

EUVD-2025-28104

Malicious code in bioql PyPI...

CVE-2025-47619

CVE-2025-47619 affects WordPress plugin 6Storage Rentals (vulnerable until 2.19.4; patch available in later releases, e.g., 2.20.0). The issue is a Missing Authorization vulnerability that enables Path Traversal, allowing an unauthenticated or limited-auth user to access restricted files via path...

WordPress plugin 6Storage Rentals 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...