20 matches found
CLEANSTART-2026-VD47610 Security fixes for CVE-2025-15558, CVE-2025-61729, CVE-2026-25680, CVE-2026-25681, CVE-2026-25934, CVE-2026-26958, CVE-2026-27136, CVE-2026-27145, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-35469, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39882, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42504, CVE-2026-42506, CVE-2026-42507, CVE-2026-42508, CVE-2026-44740, CVE-2026-44973, CVE-2026-45022, CVE-2026-45570, CVE-2026-45571, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-389r-gv7p-r3rp, ghsa-3xc5-wrhm-f963, ghsa-78h2-9frx-2jm8, ghsa-crhj-59gh-8x96, ghsa-fv92-fjc5-jj9h, ghsa-fw7p-63qq-7hpr, ghsa-hfvc-g4fc-pqhx, ghsa-j88v-2chj-qfwx, ghsa-m3xc-h892-ggx6, ghsa-m7cr-m3pv-hgrp, ghsa-p436-gjf2-799p, ghsa-qw64-3x98-g7q2, ghsa-w5pp-99ch-qj29, ghsa-w8rr-5gcm-pp58 applied in versions: 3.6.16-r0, 3.7.4-r0, 3.7.9-r0, 4.0.1-r0, 4.0.2-r0, 4.0.3-r0, 4.0.4-r0, 4.0.4-r1, 4.0.5-r0
Multiple security vulnerabilities affect the argo-workflows package. These issues are resolved in later releases. See references for individual vulnerability details...
YAFNET 跨站脚本漏洞
YAFNET is an ASP.NET open-source forum solution developed by YAFNET’s individual developers. Versions of YAFNET prior to 4.0.5 and 3.2.12 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient HTML cleaning or output encoding during postings and replies, whic...
Argo Workflows 安全漏洞
Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 3.7.14 and 4.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the Webhook Interceptor, which loaded the entire request body into...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +5085 more potentially affected by CVE-2026-40976 via org.springframework.boot:spring-boot (>=4.0.0 <=4.0.5)
org.springframework.boot:spring-boot MAVEN version =4.0.0, =0.1.0, =0.1.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40976 Source advisory: OSV:GHSA-8V8J-3HXP-93WR...
CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...
CVE-2026-5774 Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map
Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token...
CVE-2026-39704 WordPress Precious Metals Automated Product Pricing – Pro plugin <= 4.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing – Pro: from n/...
SUSE CVE-2017-18897
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection...
WordPress IndieWeb plugin <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability
Authenticated Author+ Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability discovered by Tharadol Suksamran in WordPress Plugin IndieWeb versions = 4.0.5...
CVE-2025-62141 WordPress Wawp plugin <= 4.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in 101gen Wawp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wawp: from n/a through 4.0.5...
EUVD-2025-206041
Missing Authorization vulnerability in 101gen Wawp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wawp: from n/a through 4.0.5...
CVE-2022-47424
Cross-Site Request Forgery CSRF vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1...
PT-2024-11755 · Repute Infosystems · Armember +1
Name of the Vulnerable Software and Affected Versions: Repute InfoSystems ARMember versions 4.0.5 and earlier Repute InfoSystems ARMember Premium versions prior to 6.7.1 Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions. This is a type of...
0.edsql (>=1.0.49 <=1.0.50), 10secondsofcode-custom (=1.0.0) +1915 more potentially affected by CVE-2023-32695 via socket.io-parser (>=4.0.5 <=4.2.2)
socket.io-parser NPM version =4.0.5, =1.0.49, =1.0.0, =0.0.28, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.1, =0.8.2, =1.0.0, =0.1.13, =0.0.4, =0.0.9 and more Source cves: CVE-2023-32695 Source advisory: OSV:GHSA-CQMJ-92XF-R6R9...
CVE-2022-31361
Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
UBUNTU-CVE-2022-26846
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code...
Spree Authorization Bypass Vulnerability
Spree is a personal developer of an open source mall developed using Ruby on Rails. A security vulnerability exists in Spree versions 3.7 through 3.7.13, 4.0.5, and 4.1.12, which stems from an authorization bypass vulnerability. An attacker can exploit the vulnerability to query the API v2 order...
BaserCMS Code Execution Vulnerability
baserCMS is an enterprise-level content management system CMS. A code execution vulnerability exists in baserCMS versions 3.0.14 and earlier and 4.0.5 and earlier. An attacker can exploit this vulnerability to execute arbitrary PHP code on the server...
PYSEC-2015-26
Cross-site scripting XSS vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...
PT-2014-3491 · Ruby +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions prior to 3.2.18 Ruby on Rails versions 4.0.x prior to 4.0.5 Ruby on Rails versions 4.1.x prior to 4.1.1 Description: The issue allows remote attackers to read arbitrary files via a crafted request, due to a directory...