
23 matches found

ATTACKERKB
added 2026/06/08 12:5 p.m., 8 views

CVE-2026-7186

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

CVSS: 8.5, AI score: 5.2, EPSS: 0.00136
Exploits: 0, References: 2, Affected Software: 1

vulnersOsv
added 2026/04/24 8:16 p.m., 11 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +233 more potentially affected by CVE-2026-41425 via authlib (>=0.10.0 <=1.6.10)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41425 Source advisory: OSV:PYSEC-2026-25...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00106
Exploits: 1

vulnersOsv
added 2026/04/22 8:53 p.m., 4 views

0pflow (>=0.1.0-dev.0de2bc6 <=0.1.0-dev.f5622ac), 0xgasless-mcp (>=1.0.3 <=1.0.5) +15743 more potentially affected by CVE-2026-41907 via uuid (>=0.0.1 <=11.1.0)

uuid NPM version =0.0.1, =0.1.0-dev.0de2bc6, =1.0.3, =0.0.0-20251106131028, =0.1.0, =3.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.11.0, =0.1.1, =0.2.0-dev.260310.cf511cb and more Source cves: CVE-2026-41907 Source advisory: OSV:GHSA-W5HQ-G745-H8PQ...

CVSS: 9.3, AI score: 5.4, EPSS: 0.00337
Exploits: 1

vulnersOsv
added 2026/04/15 7:45 p.m., 10 views

10xscale-agentflow-cli (=0.1.5), admin-api-lib (>=3.2.0 <=3.4.0) +469 more potentially affected by CVE-2026-40347 via python-multipart (>=0.0.10 <=0.0.24)

python-multipart PYPI version =0.0.10, =3.2.0, =0.8.2.4, =0.1.0, =1.0.202504142220, =0.1.0, =0.4.0, =0.4.0, =0.1.0, =0.4.0, =1.6.21, =0.1.1, =0.1.0, =0.1.13 and more Source cves: CVE-2026-40347 Source advisory: SNYK:PYTHON-PYTHONMULTIPART-16078395...

CVSS: 5.3, AI score: 5.3, EPSS: 0.00351
Exploits: 0

ATTACKERKB
added 2026/03/24 12:30 p.m., 7 views

CVE-2026-4706

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00452
Exploits: 0, References: 7

vulnersOsv
added 2026/03/11 6:44 p.m., 7 views

@0xwork/connect (>=0.1.0 <=0.1.8), @agenr/agenr-plugin (>=1.6.0 <=2.1.0) +155 more potentially affected by CVE-2026-30741 via openclaw (>=0.0.1 <=2026.5.7)

openclaw NPM version =0.0.1, =0.1.0, =1.6.0, =1.1.0, =0.1.0, =1.0.5, =0.3.5, =1.0.3, =0.0.1, =0.1.0, =1.0.9, =2026.2.4, =2026.3.3 and more Source cves: CVE-2026-30741 Source advisory: SNYK:JS-OPENCLAW-15627890...

CVSS: 9.8, AI score: 5.4, EPSS: 0.00803
Exploits: 2

Vulnrichment
added 2026/02/03 12:11 a.m., 4 views

CVE-2025-61646 Watchlist group mode reveals authors of edits with hidden authorship

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

CVSS: 5.1, AI score: 5.3, EPSS: 0.00234
Exploits: 0, References: 1

RedHat Linux
added 2025/12/09 7:58 a.m., 7 views

firefox: thunderbird: Spoofing issue in Firefox

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in Firefox...

CVSS: 3.4, AI score: 5.7, EPSS: 0.00221
Exploits: 0, References: 5

RedhatCVE
added 2025/05/23 3:56 a.m., 6 views

CVE-2023-3484

An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations...

CVSS: 8, AI score: 6.4, EPSS: 0.00496
Exploits: 0, References: 1

ATTACKERKB
added 2024/04/26 6:15 a.m., 3 views

CVE-2024-4056

Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 excluding 24.2 LTS allows unauthenticated user to consume computing resources...

CVSS: 7.5, AI score: 5.3, EPSS: 0.00775
Exploits: 0, References: 4, Affected Software: 1

vulnersOsv
added 2023/12/05 3:30 p.m., 6 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49382 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49382 Source advisory: OSV:GHSA-6V55-H6M5-2352...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00391
Exploits: 1

CNNVD
added 2023/04/28 12:0 a.m., 6 views

Talend Studio security vulnerability

Talend Studio is a software application from Talend, Inc. A security vulnerability exists in Talend Studio versions prior to 7.3.1-R2022-10 and 8.x versions prior to 8.0.1-R2022-09, which stems from a vulnerability that allows unauthenticated access to the Jolokia endpoint for microservices...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00536
Exploits: 0, References: 3

vulnersOsv
added 2023/03/24 9:54 p.m., 4 views

cifar-10-model (=7.4.0), gamornet-cpu (>=0.2.3 <=0.4.3) +8 more potentially affected by CVE-2023-25676 via tensorflow-cpu (>=1.15.0 <=2.11.0)

tensorflow-cpu PYPI version =1.15.0, =0.2.3, =0.0.5, =1.0.0, =1.8.2, =0.1.3, =0.3.0.dev221212, =0.7.0, =0.7.5 Source cves: CVE-2023-25676 Source advisory: OSV:GHSA-6WFH-89Q8-44JQ...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00391
Exploits: 0

vulnersOsv
added 2022/09/16 10:14 p.m., 7 views

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4899 more potentially affected by CVE-2022-35992 via tensorflow (>=1.0.1 <=2.7.1)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-35992 Source advisory: OSV:GHSA-9V8W-XMR4-WGXP...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00379
Exploits: 0

vulnersOsv
added 2022/09/16 9:18 p.m., 5 views

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +182 more potentially affected by CVE-2022-35941 via tensorflow-gpu (>=1.10.1 <=2.7.0)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-35941 Source advisory: OSV:GHSA-MGMH-G2V6-MQW5...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00537
Exploits: 0

OSV
added 2021/10/11 5:15 p.m., 2 views

DEBIAN-CVE-2021-25633

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00709
Exploits: 0, References: 1

vulnersOsv
added 2021/05/21 2:27 p.m., 2 views

accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +88 more potentially affected by CVE-2021-29595 via tensorflow (>=2.2.0 <=2.2.2)

tensorflow PYPI version =2.2.0, =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2021-29595 Source advisory: OSV:GHSA-VF94-36G5-69V8...

CVSS: 7.8, AI score: 7, EPSS: 0.00201
Exploits: 1

OSV
added 2021/04/12 12:0 a.m., 4 views

UBUNTU-CVE-2021-28965

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...

CVSS: 7.5, AI score: 6.8, EPSS: 0.05061
Exploits: 0, References: 5

OSV
added 2017/07/03 4:29 p.m., 1 views

UBUNTU-CVE-2016-6127

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified conten...

CVSS: 6.1, AI score: 6, EPSS: 0.01199
Exploits: 0, References: 2

OSV
added 2017/06/30 3:29 a.m., 2 views

CVE-2017-6030

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected...

CVSS: 6.5, AI score: 5.8, EPSS: 0.02124
Exploits: 0, References: 2