112 matches found
PT-2026-48806
Impact: @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option (default true). Before the patch, the confinement check compared the resolved absolute path against the confine...
CVE-2026-9358
A flaw was found in postcss. A remote attacker could exploit a vulnerability in the toString function of the AST Serialization component by executing a manipulation, leading to uncontrolled recursion. This uncontrolled recursion can result in a Denial of Service (DoS) condition, making the affected...
CVE-2026-39335
ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1...
CVE-2026-39335
ChurchCRM is affected by a Stored XSS in unescaped data-* attributes used in the Group remove control and Family editor state/country prior to version 7.1.1. The issue is fixed in 7.1.1. Impact is described as admin-to-admin stored XSS; CVSS metrics indicate Confidentiality/Integrity impact High,...
CLEANSTART-2026-YN08405 Security fixes for GHSA-F6X5-JH6R-WRFV, GHSA-J5W8-Q4QC-RX2X applied in versions: 7.1.1-r7
Multiple security vulnerabilities affect the minio-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-68849
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Corso Quote Master quote-master allows Reflected XSS. This issue affects Quote Master: from n/a through = 7.1.1...
CVE-2025-68849
CVE-2025-68849 — Quote Master WordPress plugin (
Linux Distros Unpatched Vulnerability : CVE-2025-68469
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a...
CVE-2025-68469 ImageMagick vulnerable to heap-buffer-overflow
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue...
CVE-2025-68469
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue...
GHSA-RG58-XHH7-MQJW Apache Struts has a Denial of Service vulnerability
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency Vulnerability in Crowd Data Center and Server
This High severity DoS (Denial of Service) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to expos...
EUVD-2025-200019
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...
EUVD-2017-4751
Malware in sbrugna...
EUVD-2017-1055
Malware in sbrugna...
EUVD-2020-4200
Malware in sbrugna...
EUVD-2025-12198
Malicious code in bioql (PyPI)...
CVE-2025-51966
A cross-site scripting (XSS) vulnerability exists in the PDF preview functionality of uTools through 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perfor...