Lucene search
67 matches found

Source: Patchstack, added 2026/03/26 2:49 p.m., 3 views

WordPress Nexter Blocks plugin <= 4.7.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Nexter Blocks versions <= 4.7.0...

CVSS 5.3, AI score 5.9, EPSS 0.00039
Exploits 0, Affected software 1
Source: OSV, added 2026/03/24 5:58 p.m., 0 views

CVE-2026-33401 Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 for CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

CVSS 7.1, AI score 5.8, EPSS 0.00042
Exploits 1, References 5
Source: CVE, added 2026/03/24 5:45 p.m., 4 views

CVE-2026-33400

CVE-2026-33400 affects Wallos, an open-source self-hosted personal subscription tracker. Prior to version 4.7.0, a stored XSS vulnerability existed in the payment method rename endpoint, allowing any authenticated user to inject arbitrary JavaScript that runs when users visit Settings, Subscripti...

CVSS 5.4, AI score 5.7, EPSS 0.00065
Exploits 1, References 2, Affected software 1
Source: ATTACKERKB, added 2026/03/24 5:43 p.m., 0 views

CVE-2026-33399

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

CVSS 8.8, AI score 7.2, EPSS 0.00044
Exploits 3, References 3, Affected software 1
Source: RedhatCVE, added 2026/01/09 10:49 a.m., 9 views

CVE-2022-37015

Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected fro...

CVSS 9.8, AI score 7.4, EPSS 0.00508
Exploits 0, References 1
Source: Cvelist, added 2025/12/09 10:38 p.m., 12 views

CVE-2025-67495 ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login

ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the postlogoutredirect GET parameter. As a result, unauthenticate...

CVSS 8, EPSS 0.00044
Exploits 0, References 2
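The entry above describes a logout endpoint that navigates to whatever the postlogoutredirect parameter contains. The following is an added example of how a post-logout redirect target should be resolved; it is not ZITADEL code, and the registry of allowed URIs, the function name and the default target are assumptions made for the illustration. The point it demonstrates is that the parameter is never used directly: it is compared against the URIs the relying party registered in advance, by exact string match, and everything else (javascript: and data: schemes, scheme-relative //host values, look-alike hosts, extra query strings) falls back to a fixed page.

```python
"""Added example: resolving a post-logout redirect parameter safely.

Not ZITADEL code.  REGISTERED_POST_LOGOUT_URIS, the function name and the
fallback target are assumptions made for this example.
"""
from urllib.parse import urlsplit

# Constructed registry (assumption): the post-logout redirect URIs a relying
# party registered in advance.  OIDC RP-initiated logout matches these by
# simple string comparison, so whole URIs are stored, not host prefixes.
REGISTERED_POST_LOGOUT_URIS = {
    "https://app.example.com/logged-out",
    "http://localhost:3000/logged-out",   # dev client; plain http only on localhost
}


def resolve_post_logout_redirect(candidate, registered=REGISTERED_POST_LOGOUT_URIS,
                                 default="/"):
    """Return the URL the logout page may navigate to after sign-out.

    Only an exact match against a registered URI is returned.  Anything else,
    including javascript:/data: URLs, scheme-relative //host values,
    look-alike hosts and registered URIs with extra query parameters, yields
    `default`, so attacker-controlled input never reaches the browser's
    location.
    """
    if not candidate:
        return default
    candidate = candidate.strip()
    parts = urlsplit(candidate)
    if parts.scheme not in ("http", "https"):
        return default          # javascript:alert(1), data:text/html,...
    if not parts.netloc:
        return default          # relative path or //evil.example
    if candidate in registered:
        return candidate
    # No canonicalisation is attempted on purpose: case changes, default
    # ports or trailing slashes must be fixed at registration time, not
    # tolerated at redirect time.
    return default


if __name__ == "__main__":
    for value in ("https://app.example.com/logged-out",
                  "javascript:alert(document.domain)",
                  "//evil.example/phish",
                  "https://app.example.com.evil.net/logged-out"):
        print(repr(value), "->", resolve_post_logout_redirect(value))
```

The client-side counterpart is the same rule in reverse: a login or logout page must not pass a query-string value to `window.location` or a router without this kind of server-side resolution, because a `javascript:` URL assigned to the location executes in the page's origin, which is the DOM-based XSS the entry describes.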
Source: OSV, added 2025/12/09 10:07 p.m., 1 views

CVE-2025-67494 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...

CVSS 9.3, AI score 6.9, EPSS 0.00037
Exploits 2, References 4
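Three entries in this listing are server-side request forgery through a user-controlled destination: the Wallos Ollama host and notification parameters (CVE-2026-33401 and CVE-2026-33399, where a validator existed but was only applied to some endpoints) and the ZITADEL x-zitadel-forward-host header. The block below is an added example of the kind of deny-by-default check such a destination needs and of why it has to sit at the single point that issues outbound requests. It is not code from Wallos, ZITADEL or any other project on this page; the function names and the FAKE_DNS table are assumptions made so it runs offline, and it goes slightly beyond the entries by also handling IPv4-mapped IPv6 literals and names that resolve to a mix of public and private addresses.

```python
"""Added example: a deny-by-default check for user-supplied outbound URLs.

Written for this listing; not code from Wallos, ZITADEL or any other project
above.  Function names, FAKE_DNS and its addresses are assumptions made so the
example runs without network access.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed resolver table (assumption) used instead of real DNS.
# 93.184.216.34 stands in for an ordinary public address.
FAKE_DNS = {
    "hooks.example.org": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],              # cloud metadata service
    "localtest.me": ["127.0.0.1"],                         # public name, loopback record
    "rebind.example.net": ["93.184.216.34", "10.0.0.5"],   # mixed public/private answers
}


def resolve_host(host, resolver=None):
    """Return every address `host` resolves to.

    Every answer must be checked, not just the first: a name that returns one
    public and one private record is the usual round-robin/rebinding trick.
    """
    if resolver is not None:
        return list(resolver.get(host.lower(), []))
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_disallowed_ip(ip_text):
    """True for loopback, private, link-local, multicast, reserved and any
    other non-global address, including IPv4-mapped IPv6 forms."""
    ip = ipaddress.ip_address(ip_text)
    # ::ffff:127.0.0.1 parses as IPv6; judge the embedded IPv4 address instead.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (not ip.is_global) or ip.is_multicast


def check_outbound_url(url, resolver=None):
    """Return (ok, reason) for a URL the application is about to fetch.

    Rejects non-http(s) schemes, embedded credentials, unresolvable hosts and
    any host with at least one non-global address.  Call it from the one
    function that performs outbound requests, so every feature (webhooks,
    AI back-ends, notification tests) passes through the same gate.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parts.scheme
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)      # literal IP (brackets already stripped)
        addrs = [host]
    except ValueError:
        addrs = resolve_host(host, resolver)
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        if is_disallowed_ip(addr):
            return False, "%s resolves to disallowed address %s" % (host, addr)
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://hooks.example.org/notify",
                      "http://metadata.internal/latest/meta-data/",
                      "http://[::ffff:127.0.0.1]:11434/api/tags",
                      "http://rebind.example.net/"):
        print(candidate, "->", check_outbound_url(candidate, FAKE_DNS))
```

Two caveats a reviewer would raise even with this gate in place. First, the HTTP client resolves the name again when it connects, so a name whose answer changes between check and use still lands on an internal address; connecting to the validated IP (with the Host header set to the original name) or pinning the resolver closes that gap. Second, the client must not follow redirects, or must re-run the check on every hop, since a public host can 302 to http://169.254.169.254/.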
Source: OSV, added 2025/11/25 10:18 p.m., 1 views

JLSEC-2025-318 A vulnerability was found in LibTIFF up to 4.7.0

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to a buffer overflow. The attack has to be carried out locally. The fix is commit e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It...

CVSS 7.8, AI score 6.8, EPSS 0.00072
Exploits 1, References 7
Source: CVE, added 2025/10/27 7:32 a.m., 10 views

CVE-2025-12246

The CVE-2025-12246 entry concerns chatwoot versions up to 4.7.0, specifically the Admin Interface file app/javascript/shared/components/IframeLoader.vue. The vulnerability arises from manipulation of the Link argument, enabling cross-site scripting. Exploitation is described as remote, but no in‑...

CVSS 6.1, AI score 5.5, EPSS 0.00038
Exploits 1, References 4, Affected software 1
Source: OpenVAS, added 2025/10/13 12:00 a.m., 2 views

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2025-2234)

The remote host is missing an update for Huawei EulerOS (libtiff, EulerOS-SA-2025-2234). Text descriptions in this check may be excerpted from the referenced sources and are copyright of the respective right holders; the check itself is published by Greenbone AG (2025) under GPL-2.0-only...

CVSS 7.8, AI score 6.7, EPSS 0.00141
Exploits 2, References 2
Source: EUVD, added 2025/10/07 12:30 a.m., 0 views

EUVD-2018-12807

Malware in sbrugna...

CVSS 5.4, AI score 5.5, EPSS 0.00196
Exploits 0, References 4
Source: EUVD, added 2025/10/03 8:07 p.m., 0 views

EUVD-2024-36886

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.6, EPSS 0.00545
Exploits 0, References 1
Source: OSV, added 2025/09/26 1:15 p.m., 2 views

CVE-2025-11013

A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xmlparsing.cpp of the component XML Parser. The manipulation leads to a null pointer dereference. The attack can only be performed from a local...

CVSS 5.5, AI score 6.4
Exploits 0, References 6
Source: OSV, added 2025/09/26 12:15 p.m., 2 views

CVE-2025-11012

A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/scriptparser.cpp of the component Diagnostic Message Handler. Manipulation of the argument errormsgsbuffer can lead to a stack-based buffer overflow. The attack can only be...

CVSS 7.8, AI score 6.9
Exploits 0, References 7
Source: CNNVD, added 2025/09/26 12:00 a.m., 1 views

BehaviorTree.CPP security vulnerability

BehaviorTree.CPP is a library for behavior trees in C++ open-sourced by BehaviorTree. A security vulnerability exists in BehaviorTree.CPP version 4.7.0 and earlier, which stems from incorrect manipulation of the parameter errormsgsbuffer in the file /src/scriptparser.cpp, which could result in a...

CVSS 7.8, AI score 5.6, EPSS 0.0003
Exploits 1, References 8
Source: Tenable Nessus, added 2025/08/27 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-2617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability classified as problematic was found in the OpenCV wechatqrcode Module up to 4.7.0. Affected by this vulnerability is the function...

CVSS 7.5, AI score 7.3, EPSS 0.00055
Exploits 0, References 2
Source: OSV, added 2025/08/01 1:02 p.m., 0 views

OESA-2025-1921 libtiff security update

This package provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. It also contains command-line programs for manipulating TIFF format image files using the libtiff...

CVSS 7.8, AI score 7, EPSS 0.00072
Exploits 1, References 2
Source: CVE, added 2025/07/08 11:42 a.m., 14 views

CVE-2025-40719

CVE-2025-40719 affects Quiter Gateway, with vulnerable versions prior to 4.7.0. The underlying issue is a reflected XSS in the id_concesion parameter of the endpoint "/FacturaE/VerFacturaPDF", allowing an attacker to execute JavaScript in the victim's browser. Public sources consistently identify...

CVSS 6.1, AI score 5.7, EPSS 0.00167
Exploits 0, References 1, Affected software 1
Source: CVE, added 2025/07/08 11:36 a.m., 12 views

CVE-2025-40716

CVE-2025-40716 is a SQL injection in Quiter Gateway prior to v4.7.0, exploitable via the suceso.contenido mensaje parameter in /QMSCliente/Sucesos.action. The flaw enables an attacker to retrieve, create, update and delete databases through that endpoint. Affected product: Quiter Gateway; vulnera...

CVSS 9.8, AI score 7.4, EPSS 0.00241
Exploits 0, References 1, Affected software 1
Source: Vulnrichment, added 2025/07/08 11:35 a.m., 3 views

CVE-2025-40714 SQL injection vulnerability in Quiter Gateway

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the idfactura field in /FacturaE/listadofacturasficha.jsp...

CVSS 9.3, AI score 8.1, EPSS 0.00241
Exploits 0, References 1
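The two Quiter Gateway entries above (CVE-2025-40716 and CVE-2025-40714) describe request parameters that reach a SQL statement unchanged. The block below is an added example, not Quiter code, that puts a concatenating query next to its parameterized form over a constructed SQLite database; the schema, rows, function names and the `idfactura` parameter name are assumptions for the illustration. It shows the two read primitives an injected `idfactura` value gives an attacker (a tautology that returns every invoice and a UNION that reads a different table) and that the bound-parameter version treats the same payloads as a literal value and returns nothing.

```python
"""Added example for the Quiter Gateway SQL injection entries.

Not Quiter code: the schema, sample rows and function names are constructed
for this demonstration.  SQLite is used only because it ships with Python.
"""
import sqlite3


def build_db():
    """In-memory database with constructed sample rows (assumption)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE facturas (idfactura INTEGER PRIMARY KEY, cliente TEXT, importe REAL);
        INSERT INTO facturas VALUES (1, 'ACME SA', 120.5), (2, 'Globex', 99.0), (3, 'Initech', 4500.0);
        CREATE TABLE usuarios (login TEXT, hash TEXT);
        INSERT INTO usuarios VALUES ('admin', '$2y$10$constructedhash');
    """)
    return db


def listado_facturas_vulnerable(db, idfactura):
    """Vulnerable form: the request parameter is pasted into the SQL text, so
    `2 OR 1=1` or `0 UNION SELECT ...` changes the statement itself."""
    sql = ("SELECT idfactura, cliente, importe FROM facturas WHERE idfactura = "
           + idfactura)
    return db.execute(sql).fetchall()


def listado_facturas_parametrizado(db, idfactura):
    """Hardened form: the value is bound with a placeholder, never parsed as
    SQL, and coerced to the expected type so malformed input fails closed."""
    try:
        id_value = int(idfactura)
    except (TypeError, ValueError):
        return []
    return db.execute(
        "SELECT idfactura, cliente, importe FROM facturas WHERE idfactura = ?",
        (id_value,),
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    # Constructed payloads; the second reads a table the page never exposes.
    for payload in ("2", "2 OR 1=1", "0 UNION SELECT 0, login, hash FROM usuarios"):
        print("vulnerable  ", repr(payload), "->", listado_facturas_vulnerable(db, payload))
        print("parametrized", repr(payload), "->", listado_facturas_parametrizado(db, payload))
```

The entries also list create, update and delete as outcomes; those rely on stacked statements (`1; DELETE FROM facturas`) or on injection into a write query, which this example does not show because sqlite3's `execute()` refuses more than one statement per call. The fix is the same either way: a placeholder for every value and no string assembly of SQL from request data.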