32 matches found
PT-2026-48311
Name of the Vulnerable Software and Affected Versions: Spring Data Commons versions 4.0.0 through 4.0.5; Spring Data Commons versions 3.5.0 through 3.5.11; Spring Data Commons versions 3.4.0 through 3.4.14 Description: Applications may be subject to denial of service through resource exhaustion. This...
Astra Linux - vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use FreeRDP versions prior to 3.5.0 or 2.11.6 and have connections to servers using the NSC codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, do not use the NSC...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Clients and servers that use versions of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. There are no known workarounds available...
EUVD-2026-18064
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
UBUNTU-CVE-2026-25833
Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6 function...
CVE-2026-34873
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2025-66491 Traefik has Inverted TLS Verification Logic in its ingress-nginx Provider
Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" intending to enable backend TLS certificate verification actually disables...
EUVD-2024-30278
Malicious code in bioql PyPI...
PT-2025-40288
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.5.1 Description: Discourse, an open-source community discussion platform, is affected by a cross-site scripting (XSS) issue. The issue stems from how the platform parses and renders chat channel titles and chat threa...
PT-2025-39107
Name of the Vulnerable Software and Affected Versions: Emarket-design YouTube Showcase versions through 3.5.0 Description: The software contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting (XSS) issue. Specifically, the vulnerability allows...
mblog security vulnerability
mblog is a blogging system by individual developer langhsu. A security vulnerability exists in mtons mblog 3.5.0 and earlier versions, which stems from a cross-site scripting attack due to misuse of the parameter input in the file /admin/options/update...
PT-2025-34723 · Mblog · Mblog
Name of the Vulnerable Software and Affected Versions: mtons mblog versions prior to 3.5.1 Description: A flaw has been found in mtons mblog up to version 3.5.0. The issue affects an unknown function within the /search file. Manipulation of the kw argument causes cross-site scripting. The attack...
WordPress Easy Digital Downloads plugin <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions vulnerability
Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions vulnerability discovered by wesley wcraft in WordPress Plugin Easy Digital Downloads versions <= 3.5.0...
PT-2025-25401 · Ricoh · Ricoh Streamline Nx V3 Pc Client
Name of the Vulnerable Software and Affected Versions: RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0 Description: A path traversal vulnerability exists in the RICOH Streamline NX V3 PC Client. If this vulnerability is exploited, arbitrary code may be executed on the PC where the...
CVE-2025-47483
Server-Side Request Forgery (SSRF) vulnerability in Iulia Cazan Easy Replace Image easy-replace-image allows Server Side Request Forgery. This issue affects Easy Replace Image: from n/a through <= 3.5.0...
PT-2025-7608 · Unknown · Grimdonkey Magic The Gathering Card Tooltips
Name of the Vulnerable Software and Affected Versions: grimdonkey Magic the Gathering Card Tooltips versions n/a through 3.5.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means...
org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.5.0 <=3.7.5) +19 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.5.0 <=3.7.5)
org.apache.james:james-server-jmap-draft MAVEN version =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.7.0, =3.7.0, =3.6.0, =3.7.0, =3.5.0, =3.5.0, =3.7.5 and more Source cves: CVE-2024-45626 Source advisory: OSV:GHSA-57M2-H3FW-RXHW...
WordPress plugin SSL Wireless SMS Notification SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
Mbed TLS security vulnerability
Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions 3.5.0 through 3.6.1 that stems from a buffer underrun in pkwrite when writing opaque key pairs...