@kimuson/claude-code-viewer (>=0.4.2 <=0.5.9), @netlify/agent-runner-cli (>=1.0.0-broken <=1.58.3) +16 more potentially affected by CVE-2026-24053 via @anthropic-ai/claude-code (>=2.0.0 <=2.0.69)

@anthropic-ai/claude-code NPM version =2.0.0, =0.4.2, =1.0.0-broken, =0.0.1-rc.1, =0.12.0, =0.5.2, =0.12.1, =1.1.43, =0.0.0, =0.1.2, =0.11.1, =0.11.0, =0.11.2 - happyzebra-cli =0.11.2 and more Source cves: CVE-2026-24053 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-15202063...

EUVD-2026-5171

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...

org.apache.syncope.client.am:syncope-client-am-console (>=3.0.0 <=3.0.15), org.apache.syncope.client.idm:syncope-client-idm-console (>=3.0.0 <=3.0.15) +4 more potentially affected by CVE-2026-23795 via org.apache.syncope.client.idrepo:syncope-client-idrepo-console (>=3.0.0 <=3.0.15)

org.apache.syncope.client.idrepo:syncope-client-idrepo-console MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.15 Source cves: CVE-2026-23795 Source advisory: OSV:GHSA-73F3-RQQF-2J54...

EUVD-2026-5206

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2026-1287 via django (>=4.2.0 <=4.2.27)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2026-1287 Source advisory: OSV:GHSA-GVG8-93H5-G6QQ...

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2025-14550 via django (>=4.2.0 <=4.2.27)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-14550 Source advisory: OSV:GHSA-33MW-Q7RJ-MJWJ...

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +22 more potentially affected by CVE-2026-1287 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-1287 Source advisory: OSV:PYSEC-2026-46...

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +22 more potentially affected by CVE-2025-13473 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2025-13473 Source advisory: OSV:PYSEC-2026-42...

CVE-2026-1751

A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions...

CVE-2025-69848

NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting XSS vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper...

PT-2026-6332

Name of the Vulnerable Software and Affected Versions Blesta versions 3.x through 5.x before 5.13.3 Description The software contains a flaw that allows for object injection. This issue is also identified as CORE-5668. Recommendations Update to version 5.13.3 or later...

Linux Distros Unpatched Vulnerability : CVE-2026-25128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0...

CVE-2025-6593

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

CVE-2025-36253

IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2025-6590

CVE-2025-6590 concerns MediaWiki. The vulnerability allows an unauthorized actor to disclose sensitive information via the program file includes/htmlform/fields/HTMLUserTextField.Php, affecting MediaWiki versions from any up to 1.39.12, 1.42.76, 1.43.1, and 1.44.0. The Red Hat description confirm...

CVE-2025-6594 XSS in Special:ApiSandbox

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js. This issue affects MediaWiki: from 1.27.0 before...

@amedia/brick-mcp (>=0.0.0-vEXPORT-20260113150210 <=0.1.5), @andesite-lab/andesite-core (=1.60.2) +260 more potentially affected by CVE-2026-25224 via fastify (>=5.0.0-alpha.2 <=5.7.2)

fastify NPM version =5.0.0-alpha.2, =0.0.0-vEXPORT-20260113150210, =2.0.1, =1.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.35, =0.0.82, =0.0.1, =0.0.6, =0.1.68, =6.0.0, =0.2.305, =1.0.6, =1.0.22 and more Source cves: CVE-2026-25224 Source advisory: SNYK:JS-FASTIFY-15182641...

CVE-2025-36253 Multiple Vulnerabilities in IBM Concert Software.

IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

Security Bulletin: A SQL Injection vulnerability has been addressed in IBM Aspera Console

Summary A SQL Injection attack could allow specially crafted SQL statements into the appication which could impact the data in the back-end database. This issue has been addressed in IBM Aspera Console version 3.4.8 FP1. Vulnerability Details CVEID:CVE-2025-13379 DESCRIPTION: IBM Aspera Console i...

CVE-2026-1751

A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions...