14 matches found
CVE-2026-40886
The CVE describes an unchecked array index in Argo Workflows’ pod informer, specifically in podGCFromPod(), which can cause a controller-wide panic when a workflow pod has a malformed workflows.argoproj.io/pod-gc-strategy annotation. Affected versions span 3.6.5 through 4.0.4, with the panic occu...
DEBIAN-CVE-2026-25834
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...
CVE-2026-25834
CVE-2026-25834 is disclosed in the OpenSUSE/SUSE advisories linked to ovmf and is tied to mbed TLS 3.6.x. The OpenSUSE advisory OpenSUSE-SU-2026:20875-1 describes CVE-2026-25834 as: the client accepts a signature algorithm chosen by the server even if it was not advertised in the client hello. Th...
CVE-2026-33133 WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive
WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...
CVE-2025-12076
The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Linux Distros Unpatched Vulnerability : CVE-2019-10188
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz...
Apache CXF resource management error vulnerability
Apache CXF is an open source Web services framework from the US-based Apache Foundation. The framework supports a variety of Web services standards, a variety of front-end programming APIs and so on. A resource management error vulnerability exists in Apache CXF versions prior to 3.5.10, 3.6.5,...
WordPress TPG Get Posts plugin <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin TPG Get Posts versions <= 3.6.5...
PT-2023-30470 · Unknown · Master Slider Pro
Name of the Vulnerable Software and Affected Versions: Master Slider Pro versions 3.6.5 and earlier Description: The issue is related to the deserialization of untrusted data. This can potentially lead to security risks, as deserializing untrusted data can allow an attacker to execute malicious...
PT-2023-30469 · Unknown · Master Slider Pro
Name of the Vulnerable Software and Affected Versions: Master Slider Pro versions n/a through 3.6.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations...
CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...
GHSA-5GHQ-28R7-QWFJ Mattermost Server does not restrict SAML certificate path for System Administrators
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname...
UBUNTU-CVE-2019-10187
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to...
Joomla! cross-site scripting vulnerability (CNVD-2017-06584)
Joomla! is an open source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. A cross-site scripting vulnerability exists in Joomla! versions 3.2.0 through 3.6.5. The vulnerability arises due to insufficient filtering. Allows...