CVE-2026-34218

ClearanceKit on macOS had a startup window where only the compile-time baseline policy was enforced by opfilter, delaying application of all managed and user-defined file-access rules until the GUI mutated policies via XPC. This allowed per-process access policies to be temporarily unenforced dur...

PT-2026-29276

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

WordPress MultiVendorX plugin <= 4.2.14 - Unauthenticated Limited Local File Inclusion vulnerability

Unauthenticated Limited Local File Inclusion vulnerability discovered by mikemyers in WordPress Plugin MultiVendorX versions = 4.2.14...

Django vulnerable to user enumeration attack

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

PYSEC-2024-58

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generatefilename without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...

CVE-2017-5361

Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack...