
166 matches found

CVE
added 2026/05/27 12:0 a.m. | 10 views

CVE-2026-49009

Northern.tech Mender Server suffers a Directory Traversal vulnerability (CVE-2026-49009) affecting v4.0.1 and earlier and v4.1.0 and earlier. The issue is resolved in v4.0.2 and v4.1.1. Public sources describe it as an input sanitization/access control problem that enables traversal outside inten...

CVSS 3.1 | AI score 5.8 | EPSS 0.00052
Exploits 2 | References 2
Cvelist
added 2026/05/27 12:0 a.m. | 31 views

CVE-2026-49009

Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal...

EPSS 0.00052
Exploits 2 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in wireshark

A memory leak occurs in the NFS dissector in Wireshark versions 4.0.0 to 4.0.2, and 3.6.0 to 3.6.10. This issue may lead to denial of service through packet injection or with specially crafted capture files...

CVSS 6.5 | AI score 6.8 | EPSS 0.00123
Exploits 0 | References 1
SUSE Linux
added 2026/04/16 10:35 a.m. | 2 views

Security update for plexus-utils

This update for plexus-utils fixes the following issue: Security fixes: CVE-2025-67030: directory traversal via the extractFile method of org.codehaus.plexus.util.Expand bsc1260588. Update to version 4.0.2: Bug Fixes Specify /D for cmd.exe to bypass the Command Processor Autorun folder Dependency...

CVSS 7.3 | AI score 5.8 | EPSS 0.00427
Exploits 0 | References 4
OSV
added 2026/04/16 10:34 a.m. | 1 views

SUSE-SU-2026:1396-1 Security update for plexus-utils

This update for plexus-utils fixes the following issue: Security fixes: - CVE-2025-67030: directory traversal via the extractFile method of org.codehaus.plexus.util.Expand bsc1260588. Update to version 4.0.2: Bug Fixes + Specify /D for cmd.exe to bypass the Command Processor Autorun folder...

CVSS 8.8 | AI score 5.8 | EPSS 0.00427
Exploits 0 | References 3
EUVD
added 2026/04/08 9:31 a.m. | 1 views

EUVD-2026-20158

Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureCart: from n/a through = 4.0.2...

AI score 5.9 | EPSS 0.00035
Exploits 0 | References 2
NVD
added 2026/04/08 9:16 a.m. | 4 views

CVE-2026-39488

Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureCart: from n/a through = 4.0.2...

CVSS 6.5 | EPSS 0.00035
Exploits 0 | References 1
ATTACKERKB
added 2026/04/08 8:30 a.m. | 1 views

CVE-2026-39488

Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureCart: from n/a through = 4.0.2...

AI score 5.9 | EPSS 0.00035
Exploits 0 | References 2
CNNVD
added 2026/04/08 12:0 a.m. | 2 views

WordPress plugin SureCart security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.5 | AI score 5.8 | EPSS 0.00035
Exploits 0 | References 1
Cvelist
added 2026/04/07 1:7 p.m. | 12 views

CVE-2026-35554 Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

EPSS 0.00025
Exploits 0 | References 2
OPENSUSE Linux
added 2026/03/30 12:0 a.m. | 2 views

plexus-utils-4.0.2-2.1 on GA media (moderate)

plexus-utils-4.0.2-2.1 on GA media Announcement ID: openSUSE-SU-2026:10439-1 Rating: moderate Cross-References: CVE-2025-67030 CVSS scores: CVE-2025-67030 SUSE : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2025-67030 SUSE : 6.3...

CVSS 7.3 | AI score 5.9 | EPSS 0.00427
Exploits 0
CNNVD
added 2026/03/16 12:0 a.m. | 2 views

RealtyScript cross-site request forgery vulnerability

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript contains a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery, which may allow unverified attackers to create unauthorized user...

CVSS 8.8 | AI score 5.7 | EPSS 0.00154
Exploits 1 | References 3
CNNVD
added 2026/03/16 12:0 a.m. | 2 views

RealtyScript cross-site scripting vulnerability

RealtyScript is a real estate website management system developed by RealtyScript Corporation. Version 4.0.2 of RealtyScript contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of multiple parameters, which may allow attackers to inject malicious input a...

CVSS 6.1 | AI score 5.9 | EPSS 0.00055
Exploits 1 | References 3
Cvelist
added 2026/03/15 6:34 p.m. | 24 views

CVE-2015-20114 RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

CVSS 6.1 | EPSS 0.00055
Exploits 1 | References 3
ATTACKERKB
added 2026/03/11 3:37 p.m. | 1 views

CVE-2026-28229

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with an Authorization: Bearer nothing...

CVSS 9.8 | AI score 5.8 | EPSS 0.00017
Exploits 1 | References 2 | Affected Software 1
Positive Technologies
added 2026/02/19 12:0 a.m. | 2 views

PT-2026-20720

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ally: from n/a through = 4.0.2...

AI score 5.5 | EPSS 0.00042
Exploits 0 | References 1
Patchstack
added 2026/02/04 11:1 a.m. | 8 views

WordPress WebPurify Profanity Filter plugin <= 4.0.2 - Missing Authorization to Unauthenticated Plugin Settings Change via webpurify_save_options vulnerability

Missing Authorization to Unauthenticated Plugin Settings Change via webpurify_save_options vulnerability discovered by 0x34rth in WordPress Plugin WebPurify Profanity Filter versions <= 4.0.2...

CVSS 6.5 | AI score 5.3 | EPSS 0.00042
Exploits 0 | References 1 | Affected Software 1
NVD
added 2026/02/04 9:15 a.m. | 5 views

CVE-2026-0572

The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurify_save_options' function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to change plugin settin...

CVSS 6.5 | EPSS 0.00042
Exploits 0 | References 2
CNNVD
added 2026/02/04 12:0 a.m. | 4 views

WordPress plugin WebPurify Profanity Filter security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 3
Positive Technologies
added 2026/01/11 12:0 a.m. | 1 views

PT-2026-1782

Name of the Vulnerable Software and Affected Versions Luxul XWR-600 versions prior to 4.0.2 Description A cross-site scripting issue exists in the Web Administration Interface component of Luxul XWR-600. The issue is triggered by manipulating the SSID argument within the Guest Network/Wireless...

CVSS 4.8 | AI score 3.6 | EPSS 0.00051
Exploits 0 | References 9