
39 matches found

Vulnrichment
added 2026/06/09 3:51 a.m., 6 views

CVE-2026-41850 Spring Framework Algorithmic Denial of Service via SpEL Expressions

Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

7.5 CVSS, 5.5 AI score, 0.00359 EPSS
Exploits: 0, References: 1
CVE
added 2026/05/13 4:26 a.m., 8 views

CVE-2026-6828

Fluent Forms for WordPress (versions

6.4 CVSS, 6 AI score, 0.00201 EPSS
Exploits: 0, References: 6
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the vhost-vsock device of QEMU. In the event of an error, an invalid element was not detached from the virtqueue before freeing its memory, resulting in memory leakage and other unexpected issues. This issue affects QEMU versions up to 6.2.0...

3.2 CVSS, 6.1 AI score, 0.00391 EPSS
Exploits: 0, References: 2
NVD
added 2026/03/13 7:53 p.m., 1 views

CVE-2025-13718

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors...

7.5 CVSS, 0.00183 EPSS
Exploits: 0, References: 1
NVD
added 2026/01/27 9:15 p.m., 5 views

CVE-2025-21589

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

9.8 CVSS, 0.01434 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/10/28 7:53 p.m., 3 views

CVE-2025-53533

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting (XSS) via a malformed URL path. The 404 error page includes t...

6.1 CVSS, 6.2 AI score, 0.00514 EPSS
Exploits: 2, References: 1
IBM Security Bulletins
added 2025/10/16 2:46 p.m., 5 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to Information Disclosure (CVE-2025-36002)

Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability. Vulnerability Details: CVEID: CVE-2025-36002. DESCRIPTION: IBM Sterling B2B Integrator stores user credentials in configuration files which can be read by a local user...

5.5 CVSS, 5.8 AI score, 0.00137 EPSS
Exploits: 0, Affected Software: 1
NVD
added 2025/09/11 8:15 a.m., 26 views

CVE-2025-8692

The Coupon API plugin for WordPress is vulnerable to SQL Injection via the ‘logduration’ parameter in all versions up to, and including, 6.2.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9 CVSS, 0.0038 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/05/23 3:19 a.m., 2 views

CVE-2023-23778

A relative path traversal vulnerability (CWE-23) in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests...

6.5 CVSS, 6.7 AI score, 0.00573 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 2:39 a.m., 5 views

CVE-2023-23481

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

6.4 CVSS, 6.2 AI score, 0.00371 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/04/10 12:0 a.m., 3 views

IBM Sterling Control Center Security Vulnerability

IBM Sterling Control Center is a centralized monitoring and management system from International Business Machines (IBM). A security vulnerability exists in IBM Sterling Control Center versions 6.2.1, 6.3.1, and 6.4.0 that originates from a web page that can be stored...

4 CVSS, 6.3 AI score, 0.00131 EPSS
Exploits: 0, References: 1
vulnersOsv
added 2024/12/02 3:31 p.m., 5 views

app.valuationcontrol:library (>=0.5.2 <=0.5.6), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +2209 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.2.0 <=6.2.7)

org.springframework.security:spring-security-core MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.6, =1.0.31 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...

4.8 CVSS, 6.4 AI score, 0.00377 EPSS
Exploits: 0
CNNVD
added 2024/10/28 12:0 a.m., 4 views

WordPress plugin AR For WordPress Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

10 CVSS, 7.2 AI score, 0.00501 EPSS
Exploits: 0, References: 1
OSV
added 2024/10/07 8:15 p.m., 2 views

ALPINE-CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

6.5 CVSS, 7.3 AI score, 0.01009 EPSS
Exploits: 0, References: 1
vulnersOsv
added 2024/06/16 3:30 p.m., 4 views

org.sonarsource.sonarqube:sonar-application (>=6.2 <=7.0-RC1) potentially affected by CVE-2024-38460 via org.sonarsource.sonarqube:sonar-web (>=6.2 <=7.0-RC1)

org.sonarsource.sonarqube:sonar-web MAVEN version =6.2, =6.2, =7.0-RC1 Source cves: CVE-2024-38460 Source advisory: OSV:GHSA-HW2C-8XGW-MF57...

6.5 CVSS, 6.5 AI score, 0.00331 EPSS
Exploits: 1
OSV
added 2024/02/26 4:27 p.m., 3 views

CVE-2024-25913

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2...

9.8 CVSS, 7.3 AI score, 0.0063 EPSS
Exploits: 0, References: 1
OSV
added 2023/01/20 7:15 p.m., 2 views

DEBIAN-CVE-2023-22458

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not...

5.5 CVSS, 5.8 AI score, 0.69355 EPSS
Exploits: 0, References: 1
CNNVD
added 2022/07/26 12:0 a.m., 3 views

IBM Sterling Partner Engagement Manager Security Vulnerability

IBM Sterling Partner Engagement Manager is an automated management tool from IBM USA. A security vulnerability in IBM Sterling Partner Engagement Manager versions 6.1, 6.2, and Cloud 22.2 can be exploited by an attacker to perform a Slowloris attack, a denial-of-service (DoS) attack against a...

7.5 CVSS, 7.3 AI score, 0.00825 EPSS
Exploits: 0, References: 3
CNNVD
added 2022/01/18 12:0 a.m., 3 views

Mattermost Resource Management Error Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A denial of service vulnerability exists in Mattermost versions 6.2.0 and earlier, which arises from a failure to adequately process specially crafted GIF files when uploading them during the drafting ...

5.7 CVSS, 5.7 AI score, 0.00897 EPSS
Exploits: 0, References: 3
OSV
added 2021/11/16 6:15 p.m., 3 views

CVE-2021-43048

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability...

9.8 CVSS, 5.9 AI score, 0.01241 EPSS
Exploits: 0, References: 2