CLEANSTART-2026-GN78570 Security fixes for CVE-2025-11579, CVE-2026-1229, CVE-2026-21726, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32281, CVE-2026-32282, CVE-2026-33186, CVE-2026-33762, CVE-2026-33810, CVE-2026-34040, CVE-2026-34165, CVE-2026-34986, CVE-2026-39882, CVE-2026-39883, CVE-2026-41506, ghsa-3xc5-wrhm-f963, ghsa-497x-rrr9-68jp, ghsa-6g7g-w4f8-9c9x, ghsa-78h2-9frx-2jm8, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-gm2x-2g9h-ccm8, ghsa-jhf3-xxhw-2wpp, ghsa-jqcq-xjh3-6g23, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x, ghsa-rwvp-r38j-9rgg, ghsa-w8rr-5gcm-pp58, ghsa-x6gf-mpr2-68h6, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.12.1-r2, 1.15.0-r0, 1.15.0-r1, 1.15.0-r2, 1.16.0-r0
Multiple security vulnerabilities affect the grafana-alloy-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-20910
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update update action to achieve remote code execution...
CVE-2026-25109
CVE-2026-25109 affects XWEB Pro prior to 1.12.1. The vulnerability is an OS command injection in the devices field on the /get setup route, exploitable by an authenticated attacker to achieve remote code execution. Public sources (NVD, Red Hat, EUVD) confirm the impact and vulnerable version rang...
PT-2026-20273
Name of the Vulnerable Software and Affected Versions: URL Shortify plugin for WordPress versions prior to 1.12.2. Description: The URL Shortify plugin for WordPress is susceptible to an Open Redirect issue in all versions up to and including 1.12.1. This is due to inadequate validation of the...
Grafana Databricks Datasource Plugin Security Vulnerability
Grafana Databricks Datasource Plugin is an open source datasource connection plugin for Grafana. A security vulnerability exists in Grafana Databricks Datasource Plugin version 1.12.1 through versions prior to 1.12.0, which stems from the incorrect use of user identifiers when OAuth passthrough i...
remark42 Code Issue Vulnerability
remark42 is a self-hosted, lightweight and simple but fully functional comment engine that does not spy on users. A security vulnerability exists in remark42 1.12.1 and earlier versions, which stems from the presence of a server-side request forgery (SSRF) vulnerability...
Istio Authorization Issue Vulnerability
Istio is an open platform for connecting, managing, and securing microservices. Istio is vulnerable to an authorization issue in versions 1.12.0 and 1.12.1, which stems from a lack of authentication measures or insufficient authentication strength in a networked system or product. An attacker cou...
Portable UPnP SDK Code Issue Vulnerability
Portable UPnP SDK is a portable Universal Plug and Play (UPnP) software development kit (SDK). In Portable UPnP SDK 1.12.1 and earlier versions, the 'FindServiceControlURLPath' and 'FindServiceEventURLPath' functions in the genlib/servicetable/servicetable.c file are vulnerable to a code issue. A remote...
com.credibledoc:log-labelizer (>=1.0.40 <=1.0.44), com.novocode:ornate_2.11 (>=0.3 <=0.5) +102 more potentially affected by CVE-2020-11022 via org.webjars.npm:jquery (>=1.12.1 <=3.4.1)
org.webjars.npm:jquery MAVEN version =1.12.1, =1.0.40, =0.3, =1.3.0, =1.3.0, =1.3.0, =3.2.0, =2.4.0, =3.0.0, =3.1.0, =4.1.3 - de.digitalcollections:streaming-server-euphoria =3.0.0 and more Source cves: CVE-2020-11022 Source advisory: OSV:GHSA-GXR4-XJJ5-5PX2...