214 matches found
EUVD-2025-210262
Unauthenticated Local File Inclusion in Gamic = 1.15 versions...
EUVD-2026-37658
Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...
CVE-2026-22338
Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...
CVE-2025-58924
Unauthenticated Local File Inclusion in Geya = 1.15 versions...
CVE-2025-69157 WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Gamic = 1.15 versions...
CVE-2026-22338 WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...
CVE-2026-22338
CVE-2026-22338 : WordPress EcoBlue theme
CVE-2025-58924 WordPress Geya theme <= 1.15 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Geya = 1.15 versions...
CVE-2026-44494
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...
Axios 安全漏洞
Axios is an open-source HTTP client developed by Axios. Versions 1.7.0 to 1.15.x of Axios contain security vulnerabilities. These vulnerabilities stem from the lack of enforcement of request and response size limits when using the fetch adapter, which may lead to resource exhaustion...
CVE-2026-46668 SpiceDB: Caveat structures with nested lists can result in improper cache reuse
SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0...
EUVD-2026-35318
In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service DoS condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11...
VMware Micrometer 资源管理错误漏洞
VMware Micrometer is an application monitoring metric collection framework developed by the American company VMware. Versions 1.16.0 to 1.16.5 and 1.15.0 to 1.15.11 of VMware Micrometer contain resource management vulnerabilities. These vulnerabilities stem from the ability for users to submit...
CVE-2026-45159
Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-e...
CVE-2026-47118
Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...
WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gamic versions = 1.15...
PT-2026-44005
Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...
Agent Zero 跨站脚本漏洞
Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Versions of Agent Zero prior to 1.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of security headers when SVG files were provided through the imageget endpoint, which could le...
Astra Linux – Vulnerability in golang-golang-x-net, golang-1.15
In Go, before versions 1.15.12 and 1.16.x, and before version 1.16.4, net/http allowed remote attackers to cause a denial of service panic through a large header sent to ReadRequest or ReadResponse. This issue can affect the Server, Transport, and Client components in certain configurations...
CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...