CVE-2025-69103

CVE-2025-69103 affects WordPress Brikk theme ≤ 3.0.0. According to the records, a Subscriber can cause Arbitrary Content Deletion. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, Low attack complexity, no privileges required, no user interaction, availability impact. No root-cause deta...

PT-2026-49469

Name of the Vulnerable Software and Affected Versions Cursor versions prior to 3.0.0 Description Cursor Desktop allows the execution of workspace-defined Claude hook commands located in .claude/settings.local.json without requiring explicit user approval. A malicious workspace or a file created b...

CVE-2026-40985

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

CVE-2026-40985 Data Binding Vulnerability in Spring Web Flow with Unified EL Parser

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

IBM DevOps Plan 安全漏洞

IBM DevOps Plan is a change management collaboration platform provided by the American multinational company International Business Machines IBM. There were security vulnerabilities in versions 3.0.0 to 3.0.6 of IBM DevOps Plan. These vulnerabilities stemmed from improper input validation of the...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +38 more potentially affected by CVE-2026-40861 via apache-airflow-core (>=3.0.0 <=3.2.1rc3)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-40861 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17137558...

CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

UBUNTU-CVE-2026-48589

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

EUVD-2026-31738

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

CVE-2026-7837

A time-of-check time-of-use TOCTOU condition in the adflush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions...

CVE-2026-44069 Integer underflow in volxlate

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...

Astra Linux - уязвимость в openexr

A flaw was discovered in OpenEXR’s B44 uncompression functionality in versions prior to 3.0.0-beta. An attacker who can submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting the availability of the application...

BIT-MODSECURITY-2026-42268 ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...

CVE-2026-41646 Nuclei: Local File Read via require() Module Loader Bypass

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...

be.appify.prefab:prefab-sns-sqs (>=0.4.0 <=0.7.1), be.appify.prefab:prefab-test (>=0.4.0 <=0.7.1) +72 more potentially affected by CVE-2026-44308 via io.awspring.cloud:spring-cloud-aws-autoconfigure (>=3.0.0-M1 <=4.0.1)

io.awspring.cloud:spring-cloud-aws-autoconfigure MAVEN version =3.0.0-M1, =0.4.0, =0.4.0, =3.2.1, =1.0.0, =1.0.3, =1.0.0, =1.0.0, =1.0.0, =4.0.0-rc.39, =4.0.0-rc.39, =4.0.0-rc.39, =5.0.2, =5.1.1 and more Source cves: CVE-2026-44308 Source advisory: SNYK:JAVA-IOAWSPRINGCLOUD-16799817...

Apache OpenNLP 安全漏洞

Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. There is a security vulnerability in Apache OpenNLP, which stems from AbstractModelReader not verifying whether the counts in array assignments are non-negative or within a reasonable range. This could lea...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an Out-of-Bounds Read in the generalLumaToYUV444 function. This Out-of-Bounds Read occurs because processing is performed on the in variable without checkin...

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

org.apache.camel.kafkaconnector:camel-sjms-batch-kafka-connector (>=0.1.0 <=0.11.0), org.apache.camel.kafkaconnector:camel-sjms-kafka-connector (>=0.1.0 <=0.11.5) +21 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-sjms (>=3.0.0-M1 <=4.14.5)

org.apache.camel:camel-sjms MAVEN version =3.0.0-M1, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =4.10.3, =1.0.0, =2.2.0, =1.0.0-M1, =2.2.0, =2.2.0, =2.2.0, =2.2.0, =3.19.0, =1.0.0, =3.2...

CVE-2026-39973

Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding apktool d. This is a...