24 matches found
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2174 more potentially affected by CVE-2026-47691 via io.netty:netty-resolver-dns (>=4.2.0.Final <=4.2.14.Final)
io.netty:netty-resolver-dns MAVEN version =4.2.0.Final, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-47691 Source advisory: OSV:GHSA-5PVG-856G-CP85...
DEBIAN-CVE-2026-42585
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016791)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016791 advisory. An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField (only implemented on PostGIS) allows remote...
UBUNTU-CVE-2026-3902
An issue was discovered in Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...
PT-2026-27848
Name of the Vulnerable Software and Affected Versions: Dokan versions through 4.2.4 Description: An authentication bypass issue exists in Dokan, specifically in the dokan-lite component. This allows for authentication abuse by utilizing an alternate path or channel. Recommendations: Update Dokan to ...
WordPress Atarim plugin <= 4.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Atarim versions <= 4.2.1...
WordPress Plugin Forms Bridge – Infinite integrations Cross-site scripting vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Astra Linux - vulnerability in wireshark
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file...
CVE-2025-57393
CVE-2025-57393 is a stored cross-site scripting (XSS) vulnerability in Kissflow Work Platform. Affected: Kissflow Application versions 2.0 through 4.2. Root cause: injection of a crafted payload enabling execution of arbitrary web scripts/HTML. Impact: high (confidentiality, integrity, and availa...
Vulnerability fixed in MITRE Caldera
MITRE has fixed a vulnerability in Caldera, specifically for versions 4.2.0 and 5.0.0. The vulnerability is in how the Caldera server processes Web requests. Malicious attackers can send specially crafted Web requests to the Caldera server API, allowing them to execute arbitrary code on the server...
PT-2025-7021 · Unknown · Contact Form With Shortcode
Name of the Vulnerable Software and Affected Versions: Contact Form With Shortcode versions n/a through 4.2.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This can be exploited...
Dell Enterprise SONiC OS operating system command injection vulnerability
Dell Enterprise SONiC OS (Dell Enterprise Sonic Operating System) is an open-source network operating system from Dell, USA. An operating system command injection vulnerability exists in Dell Enterprise SONiC OS versions 4.1.x and 4.2.x. The vulnerability stems from improper neutralization of...
PT-2023-22198
Name of the Vulnerable Software and Affected Versions: XWiki Commons versions 4.2-milestone-1 through 14.6 RC1 Description: The "restricted" mode of the HTML cleaner in XWiki only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . This...
CVE-2022-36556
Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08executeping01...
fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and...
SAP Business Objects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2020-41738)
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A cross-site scripting vulnerability exists in SAP Business Objects...
PT-2020-6230 · Libslirp +8
Name of the Vulnerable Software and Affected Versions: libslirp versions 4.2.0 and prior releases Description: The issue is related to a use after free vulnerability in the ip_reass function in ip_input.c of the libslirp library. This vulnerability can be exploited by crafted packets, leading to ...
SAP Business Objects Business Intelligence Platform Cross-Site Request Forgery Vulnerability
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from Germany's SAP. The product features report generation, analytics and data visualization. A cross-site request forgery vulnerability exists in SAP...
UBUNTU-CVE-2019-18886
An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security...
CVE-2019-0333
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information...