
29 matches found

Cvelist
added 2026/05/04 6:10 p.m. · 25 views

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

3.7 CVSS · 0.00052 EPSS
Exploits 0 · References 1
Patchstack
added 2026/04/22 10:30 a.m. · 1 views

WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Alukas versions 3.0.0...

5.3 AI score
Exploits 0 · Affected Software 1
CNNVD
added 2026/03/24 12:00 a.m. · 3 views

GDAL security vulnerability

GDAL is an open-source geospatial data abstraction library developed by GDAL. Versions of gdal prior to 3.11.0 contain security vulnerabilities. These vulnerabilities stem from improper restrictions on memory buffer operations, which may lead to issues with the program file inftree9.C...

9.4 CVSS · 5.9 AI score · 0.00063 EPSS
Exploits 0 · References 1
NVD
added 2026/02/02 11:16 p.m. · 2 views

CVE-2026-1778

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

8.2 CVSS · 0.00009 EPSS
Exploits 0 · References 4
CVE
added 2026/01/28 8:03 p.m. · 6 views

CVE-2025-14472

CVE-2025-14472 is a CSRF vulnerability in the Drupal Acquia Content Hub integration. Affected versions are Acquia Content Hub 0.0.0–3.6.3 and 3.7.0–3.7.2. Root cause is a CSRF protection gap that could allow actions on behalf of authenticated users. The CVSS 3.1 base metrics indicate HIGH impact ...

8.1 CVSS · 5.9 AI score · 0.00028 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2026/01/28 12:00 a.m. · 0 views

Discourse security vulnerabilities

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Vulnerabilities exist in versions of Discourse prior to 3.5.4, as well as versions prior to 2025.11.2, 2025.12.1, and 2026.1....

6.5 CVSS · 5.8 AI score · 0.00061 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/09/16 12:00 a.m. · 1 views

PT-2025-38753

Name of the Vulnerable Software and Affected Versions: versions prior to 3.2 Description: A timing attack issue exists in the SCRAM Java implementation due to the use of Arrays.equals for comparing sensitive values like client proofs and server signatures. Arrays.equals performs a short-circuit...

8.7 CVSS · 6.8 AI score · 0.00098 EPSS
Exploits 0 · References 33
OSV
added 2025/06/09 8:15 p.m. · 0 views

UBUNTU-CVE-2025-5916

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow,...

5.6 CVSS · 7.1 AI score · 0.00102 EPSS
Exploits 0 · References 9
RedhatCVE
added 2025/05/23 7:21 a.m. · 2 views

CVE-2024-44025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicejob NiceJob nicejob allows Stored XSS. This issue affects NiceJob: from n/a through 3.6.5...

6.5 CVSS · 5.9 AI score · 0.00193 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/03/29 5:25 p.m. · 17 views

CVE-2025-30367

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information...

10 CVSS · 8.2 AI score · 0.00245 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/11/26 12:00 a.m. · 1 views

PT-2024-16787 · Valor Apps · Easy Folder Listing Pro

Name of the Vulnerable Software and Affected Versions: Valor Apps Easy Folder Listing Pro versions prior to 3.8 and 4.5 Description: The issue is a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! applicatio...

9.8 CVSS · 8.3 AI score · 0.0472 EPSS
Exploits 0 · References 6
CNNVD
added 2024/11/07 12:00 a.m. · 1 views

Combodo iTop cross-site scripting vulnerability

Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management, and problem management. A cross-site scripting vulnerability exists in Combodo...

7.1 CVSS · 6.4 AI score · 0.00474 EPSS
Exploits 0 · References 1
OSV
added 2024/07/09 12:15 p.m. · 1 views

CVE-2024-39567

A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.2 HF1. The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker t...

8.5 CVSS · 7.4 AI score · 0.00425 EPSS
Exploits 0 · References 1
OSV
added 2024/07/05 5:15 p.m. · 1 views

CVE-2024-39150

vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet...

5.9 CVSS · 6.8 AI score
Exploits 0 · References 1
OSV
added 2024/05/14 3:42 p.m. · 2 views

AZL-44562 CVE-2024-4068 affecting package nodejs-nodemon 2.0.3-5

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...

7.5 CVSS · 6.7 AI score · 0.00275 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/05/02 12:00 a.m. · 2 views

PT-2024-19884 · Zscaler · Zscaler Client Connector

Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector on MacOS versions prior to 3.4 Description: An issue with improper validation of integrity check values in the upgrade process may allow local execution of code. This issue is related to the Zscaler Client Connector o...

4.2 CVSS · 7.1 AI score · 0.00049 EPSS
Exploits 0 · References 4
Patchstack
added 2024/04/17 11:00 a.m. · 2 views

WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability

Captcha Bypass vulnerability discovered by Dave Jong Patchstack in WordPress Plugin LoginPress Pro versions 3.0.0...

5.3 CVSS · 7 AI score · 0.00246 EPSS
Exploits 0 · Affected Software 1
CNNVD
added 2023/12/16 12:00 a.m. · 2 views

phpMyFAQ cross-site scripting vulnerability

phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.17, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute...

5.4 CVSS · 5.9 AI score · 0.00115 EPSS
Exploits 1 · References 3
CNNVD
added 2023/06/03 12:00 a.m. · 1 views

TeamPass cross-site scripting vulnerability

TeamPass is an open source password manager from the individual developer Nils Laumaillé. A cross-site scripting vulnerability exists in versions prior to TeamPass 3.0.9, which stems from vulnerability to stored cross-site scripting XSS attacks...

8.1 CVSS · 7.3 AI score · 0.00505 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/03/06 12:00 a.m. · 2 views

PT-2023-19310 · Microsoft · Azure/Setup-Kubectl

Name of the Vulnerable Software and Affected Versions: Azure/setup-kubectl versions prior to 3 Description: The issue arises from an insecure temporary creation of a file, allowing other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable...

7 CVSS · 7 AI score · 0.00892 EPSS
Exploits 0 · References 8