PT-2026-45696

These are all security issues fixed in the sshfs-3.7.6-1.1 package on the GA media of openSUSE Tumbleweed...

Astra Linux - уязвимость в libarchive

“executefilteraudio” in “archivereadsupportformatrar.c” in “libarchive” before version 3.7.5 allows out-of-bounds access via a crafted archive file, as “src” can move beyond “dst”...

CVE-2025-14452 WP Customer Reviews <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter

The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3fname' parameter in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-14452 WP Customer Reviews <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter

The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3fname' parameter in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-66626 argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the...

CVE-2024-45301

Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network path, negotiate an...

CVE-2024-45301 ZDI-CAN-24744: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability

Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network path, negotiate an...

EUVD-2019-10930

Malware in sbrugna...

EUVD-2023-2577

Malicious code in bioql PyPI...

EUVD-2025-27945

Malicious code in bioql PyPI...

Arbitrary Command Injection

Overview codeceptjs is a Supercharged End 2 End Testing Framework for NodeJS Affected versions of this package are vulnerable to Arbitrary Command Injection via the emptyFolder function. An attacker can execute arbitrary system commands by supplying crafted input to the directoryPath parameter...

Linux Distros Unpatched Vulnerability : CVE-2023-41886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any...

Linux Distros Unpatched Vulnerability : CVE-2023-41887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any...

CVE-2023-30782

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Andy Moyle Church Admin plugin = 3.7.5 versions...

CVE-2022-4878

A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of the file modules/common/app/utils/common/ZipUtil.java of the component ZIP Handler. The manipulation leads to path traversal. Upgrading to version 3.7.5-alpha is able to address this issue. The nam...

CVE-2022-28930

ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml...

CVE-2025-48344

Cross-Site Request Forgery CSRF vulnerability in ed4becky Rootspersona rootspersona allows Cross Site Request Forgery.This issue affects Rootspersona: from n/a through = 3.7.5...

CVE-2025-48344

Cross-Site Request Forgery CSRF vulnerability in ed4becky Rootspersona rootspersona allows Cross Site Request Forgery.This issue affects Rootspersona: from n/a through = 3.7.5...

CVE-2025-48344 WordPress Rootspersona plugin <= 3.7.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in ed4becky Rootspersona rootspersona allows Cross Site Request Forgery.This issue affects Rootspersona: from n/a through = 3.7.5...

CVE-2024-51991 October CMS Allows Unprotected SVG Rename in Media Manager

October is a Content Management System CMS and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the media.cleanvectors configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This...