21 matches found
CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality
Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...
Astra Linux – Vulnerability in Python-Django
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload was never supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django’...
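The root cause behind the Django entry above is that a multi-valued request dictionary returns only the last value for a key, so a single FileField sees one file while the view saves all of them. The following added example (not Django's code; the MultiValueDict, UploadedFile and validate_file policy are stripped-down constructions for illustration) reproduces that gap and the fix of validating every value returned by getlist():

```python
"""
Added example (not Django's own code): why validating a multi-file upload
through a single file field misses all but the last file.

The minimal MultiValueDict below mimics the Django class: __getitem__/get()
return the LAST value for a key, getlist() returns all of them. A form that
reads files["attachment"] therefore validates only the last file, while a
view that saves files.getlist("attachment") stores every file, validated or
not. All names, the file policy and the sample request are constructed.
"""
from dataclasses import dataclass


class MultiValueDict(dict):
    """Dict whose values are lists; get() returns the last value, as in Django."""

    def __getitem__(self, key):
        values = super().__getitem__(key)
        return values[-1]

    def get(self, key, default=None):
        try:
            return self[key]
        except KeyError:
            return default

    def getlist(self, key):
        return list(super().get(key, []))


@dataclass
class UploadedFile:
    name: str
    content: bytes


ALLOWED_SUFFIXES = (".png", ".jpg")


def validate_file(f: UploadedFile) -> bool:
    """Constructed policy: accept only image-looking names and a small size."""
    return f.name.lower().endswith(ALLOWED_SUFFIXES) and len(f.content) <= 1024


def vulnerable_clean(files: MultiValueDict, field: str) -> list:
    """Pre-fix pattern: the field validates files[field], which is only the
    last value; the view then saves getlist(field) in full."""
    if not validate_file(files[field]):
        raise ValueError("upload rejected")
    return files.getlist(field)   # every file is saved, validated or not


def fixed_clean(files: MultiValueDict, field: str) -> list:
    """Validate every value posted for the field, as a multi-file field must."""
    accepted = files.getlist(field)
    for f in accepted:
        if not validate_file(f):
            raise ValueError(f"upload rejected: {f.name}")
    return accepted


def demo():
    # Constructed request.FILES: two files posted under one field name.
    # The dangerous file comes first, the harmless one last.
    files = MultiValueDict({
        "attachment": [
            UploadedFile("shell.php", b"<?php system($_GET['c']); ?>"),
            UploadedFile("cat.png", b"\x89PNG..."),
        ]
    })
    saved_by_vulnerable = [f.name for f in vulnerable_clean(files, "attachment")]
    try:
        fixed_clean(files, "attachment")
        fixed_result = "accepted"
    except ValueError as e:
        fixed_result = str(e)
    return saved_by_vulnerable, fixed_result


if __name__ == "__main__":
    print(demo())
```

Running the block shows the vulnerable path saving both shell.php and cat.png after validating only cat.png, while the fixed path rejects the request on the first bad file.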
CVE-2026-1726
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. T...
PT-2026-34578
Name of the Vulnerable Software and Affected Versions: IBM Guardium Key Lifecycle Manager versions 4.1 through 5.1 Description: An issue exists in IBM Guardium Key Lifecycle Manager that may lead to a security compromise. Recommendations: At the moment, there is no information about a newer version...
CVE-2025-67993
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Atarim: from n/a through <= 4.2.1...
EUVD-2025-26705
Malicious code in bioql PyPI...
PT-2025-35869
Name of the Vulnerable Software and Affected Versions: Easy Timer plugin for WordPress versions prior to 4.2.2 Description: The Easy Timer plugin for WordPress is susceptible to Remote Code Execution through its shortcodes. This is caused by inadequate restriction of shortcode attributes,...
Linux Distros Unpatched Vulnerability : CVE-2021-37156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is fo...
WordPress PressApps Knowledge Base Contextual Sidebar Addon Plugin <= 4.2.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin PressApps Knowledge Base Contextual Sidebar Addon versions <= 4.2.1...
fprime-ci (=0.0.1a1), fprime-fpy (>=0.0.1a1 <=0.3.2) +1 more potentially affected by CVE-2024-55030 via fprime-gds (>=4.2.1 <=4.2.2a1)
fprime-gds PYPI version =4.2.1, =0.0.1a1, =0.1.0, =0.1.2 Source cves: CVE-2024-55030 Source advisory: SNYK:PYTHON-FPRIMEGDS-9749309...
WordPress plugin Save as PDF Plugin by Pdfcrowd Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application extension for the platform. A cross-site scripting vulnerabili...
CVE-2024-10437
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smart Message activation/deactivation due to a missing capability check on the ajaxenable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...
PT-2024-14197 · Webtoffee · Woocommerce Pdf Invoices
Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels versions 4.2.1 and earlier Description: The issue is related to Improper Privilege Management, allowing Privilege Escalation in WebToffee WooCommerce PDF Invoices,...
SUSE CVE-2014-2022
SQL injection vulnerability in includes/api/4/breadcrumbscreate.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request...
Rundeck plaintext storage vulnerability
Rundeck is an open source automation service with a Web console, command line tools and WebAPI from Rundeck, Inc. that is primarily used to run automation tasks. Versions 4.2.0 and 4.2.1 of Rundeck contain a plaintext storage vulnerability that stems from not properly enabling the Key Storage...
Mattermost Server allows users with a session ID to revoke another user's session
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...
GHSA-8QG8-C7MW-6FJ7 Mattermost Server is vulnerable to Directory Traversal by System Admins
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal...
com.alilitech:boot-plus-generator (>=1.1.0 <=1.3.7), com.alilitech:boot-plus-log (>=1.2.0 <=2.0.5) +48 more potentially affected by CVE-2019-8331 via org.webjars:bootstrap (>=4.0.0 <=4.2.1)
org.webjars:bootstrap MAVEN version =4.0.0, =1.1.0, =1.2.0, =1.1.0, =1.16.0, =3.2.2, =1.0.3.RELEASE, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =2.0.0, =2.3.0 and more Source cves: CVE-2019-8331 Source advisory: OSV:GHSA-9V3M-8FP8-MJ99...
Pydio Remote Code Execution Vulnerability (CNVD-2018-21606)
Pydio, formerly known as AjaXplorer, is a web-based remote file manager. The manager supports uploading and downloading files, online file editing, image previewing and more. A security vulnerability exists in Pydio versions 4.2.1 through 8.2.1. A remote attacker can exploit the vulnerability to...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2016-06714)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides a portal, e-mail, bookmarks, scheduling, a bulletin board, document management, etc., and supports free switching among three languages: Chinese, Japanese, and English. A cross-site scripting vulnerability exists in...