EUVD-2026-37131

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass...

CLEANSTART-2026-LT10352 Security fixes for CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-35469, CVE-2026-39883, ghsa-78h2-9frx-2jm8, ghsa-9jj7-4m8r-rfcm, ghsa-f6x5-jh6r-wrfv, ghsa-hfvc-g4fc-pqhx, ghsa-j5w8-q4qc-rx2x, ghsa-pc3f-x583-g7j2, ghsa-xmrv-pmrh-hhx2 applied in versions: 2.11.913-r0, 2.11.913-r1, 2.9.0-r0

Multiple security vulnerabilities affect the jitsucom-bulker package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-1776

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

EUVD-2025-199878

Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...

Apache Kvrocks 安全漏洞

Apache Kvrocks is a distributed key-value NoSQL database from the Apache USA Foundation. Apache Kvrocks suffers from an elevation of privilege vulnerability that is caused by improper privilege management in the RESET command. An attacker can exploit this vulnerability to gain administrator...

EUVD-2022-45055

Malicious code in bioql PyPI...

Rancher 跨站脚本漏洞

Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations deploying containers in production environments. A cross-site scripting vulnerability exists in Rancher versions 2.9.0 through prior to 2.9.4, which stems from improperly...

PT-2025-2922 · Rancher +1 · Rancher +1

Name of the Vulnerable Software and Affected Versions: Rancher versions 2.9.0 through 2.9.3 Description: A vulnerability in the Rancher UI allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects Rancher versions from 2.9.0 to 2.9.3. The...

Wordpress ShopLentor plugin <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via WL Product Horizontal Filter Widget vulnerability discovered by wesley wcraft in WordPress Plugin ShopLentor versions = 2.9.0...

BIT-TENSORFLOW-2022-29206 Missing validation results in undefined behavior in `SparseTensorDenseAdd` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments. In this case, a reference gets bound to a nullptr during kernel execution. This is...

CVE-2023-52128

Cross-Site Request Forgery CSRF vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0...

PT-2024-14425 · WordPress · White Label – Wordpress Custom Admin

Name of the Vulnerable Software and Affected Versions: White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard versions 2.9.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user...

SUSE CVE-2012-5882

Cross-site scripting XSS vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208...

SUSE CVE-2022-29196

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...

SUSE CVE-2022-29206

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments. In this case, a reference gets bound to a nullptr during kernel execution. This is...

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. An information disclosure vulnerability exists in Discourse versions 2.8.1 and earlier, and 2.9.0.beta.13 and earlier. An attacker can exploit this vulnerability to...

aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by CVE-2022-41893 via tensorflow (>=2.9.0 <=2.9.2)

tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: CVE-2022-41893 Source advisory: OSV:GHSA-67PF-62XR-Q35M...

clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by CVE-2022-41893 via tensorflow-cpu (>=2.9.0 <=2.9.1)

tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: CVE-2022-41893 Source advisory: OSV:GHSA-67PF-62XR-Q35M...

clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by CVE-2022-41886 via tensorflow-cpu (>=2.9.0 <=2.9.1)

tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: CVE-2022-41886 Source advisory: OSV:GHSA-54PP-C6PP-7FPX...

aliby (>=0.1.18 <=0.1.55), aliby-baby (>=0.1.11 <=0.1.17) +29 more potentially affected by CVE-2022-41885 via tensorflow (>=2.9.0 <=2.9.0rc2)

tensorflow PYPI version =2.9.0, =0.1.18, =0.1.11, =0.30.0, =0.0.0, =1.3.0, =0.3.0, =1.0.1, =1.2.0, =0.0.6, =1.0.12, =0.1.0, =0.1.1 and more Source cves: CVE-2022-41885 Source advisory: OSV:GHSA-762H-VPVW-3RCX...