DevGuard has improper authorization on public assets
Impact On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...
GHSA-6P54-FW2F-Q7GF DevGuard has improper authorization on public assets
Impact On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...
PT-2026-48812
Impact On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...
CVE-2026-25360
Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection. This issue affects Vex: from n/a through 1.2.9...
EUVD-2026-15684
Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection. This issue affects Vex: from n/a through 1.2.9...
CVE-2026-25360
CVE-2026-25360 corresponds to a Deserialization of Untrusted Data vulnerability in the Vex plugin by Vex (Vex) for WordPress. Affected product: Vex = 1.2.9). Connected Wordfence details also list the CVE-2026-25360 under the Wordfence vulnerability repository with the same patched status and attr...
CVE-2026-25360 WordPress Vex theme < 1.2.9 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection. This issue affects Vex: from n/a through 1.2.9...
PT-2026-27921
Name of the Vulnerable Software and Affected Versions rascals Vex versions prior to 1.2.9 Description An issue exists in rascals Vex that allows for object injection due to deserialization of untrusted data. This impacts the Vex component. Recommendations Update rascals Vex to version 1.2.9 or...
WordPress plugin Vex code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
WordPress Vex theme < 1.2.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Vex versions 1.2.9...
@vex-chat/spire (>=1.0.0 <=2.3.3) potentially affected by unknown CVE via @asyncapi/web-component (=2.6.5)
@asyncapi/web-component NPM version =2.6.5 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/web-component and may be impacted: - @vex-chat/spire >=1.0.0, <=2.3.3 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIWEBCOMPONENT-14103281...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: vexctl, dagdotdev, hivemind, falco, addon-resizer, cloud-provider-aws, kube-vip, kserve-rest-proxy, docker-credential-ecr-login, confluent-common-docker, knative-serving, shfmt, gitsign, terraform-provider-time, rancher-machine, ctop, lvm-driver, pvc-autoresizer,...
Moderate: Red Hat Security Advisory: ACS 4.6 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security RHACS. The updated image includes new features and bug fixes. This release of RHACS 4.6 provides these new features: Support for ARM architecture in secured clusters Technology Preview Certifications for Red Hat Advanced Clust...
OPENSUSE-SU-2024:0269-1 Security update for trivy
trivy was updated to fix the following issues: Update to version 0.54.1: fixflag: incorrect behavior for deprecated flag --clear-cache backport: release/v0.54 7285 fixjava: Return error when trying to find a remote pom to avoid segfault backport: release/v0.54 7283 fixplugin: do not call GitHub...
@glow-app/solana-client (>=0.4.0 <=0.5.1), @zetamarkets/flex-sdk (>=0.6.3 <=0.15.0) +8 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.43.4 <=1.43.6)
@solana/web3.js NPM version =1.43.4, =0.4.0, =0.6.3, =0.1.1, =0.0.1, =1.4.0, =0.1.0, =1.0.4, =1.4.1 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...
tamildigitallibrary.in Cross Site Scripting vulnerability OBB-3615773
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
librarything.com Cross Site Scripting vulnerability OBB-3530252
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
infostores.biz Cross Site Scripting vulnerability OBB-3530190
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...