475 matches found
CVE-2026-38976
mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...
CVE-2026-38976
CVE-2026-38976 affects mrubyc up to version 3.4.1 and describes a NULL pointer dereference in src/vm.c within op_super() / OP_SUPER caused by a missing runtime guard for top-level super. The connected documents confirm the vulnerability detail but do not provide exploitation steps, specific explo...
CVE-2026-38973
The CVE-2026-38973 entry concerns mrubyc up to release 3.4.1, where an out-of-bounds read occurs in the built-in missing-method lookup inside the function mrbc_find_method(). Affected product/portion: mrubyc’s runtime/method lookup logic. Root cause: out-of-bounds read in the missing-method table...
WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability
WordPress Ajax Load More - Filters plugin = 3.4.1 - Filters = 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by jonathan dunn in WordPress Plugin Ajax Load More - Filters versions = 3.4.1...
CVE-2026-8141
The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomyincludechildren' parameter in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
Astra Linux – Vulnerability in twitter-bootstrap3
Improper neutralization of input during web page generation XSS or “cross-site scripting” vulnerability in Bootstrap allows cross-site scripting. This issue affects Bootstrap: from version 3.4.1 to 4.0.0...
CVE-2026-50883
An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...
CVE-2026-50883
An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...
CVE-2026-50883
CVE-2026-50883 refers to an HTML injection in the matze wastebin project (v3.4.1) affecting the internal component /src/highlight.rs . The root cause is not explicitly detailed beyond mention of HTML injection via a crafted payload, leading to arbitrary script execution. The vulnerability is rate...
PT-2026-49324
Name of the Vulnerable Software and Affected Versions matze wastebin version 3.4.1 Description An HTML injection issue in the /src/highlight.rs component allows attackers to execute arbitrary scripts using a crafted payload. HTML injection is a process where an attacker inserts malicious HTML cod...
Important: Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (cuda)
Red Hat AI Inference 3.4.1 cuda is now available. Red Hat AI Inference...
Important: Red Hat Security Advisory: Red Hat AI Inference Model Optimization Tools 3.4.1 (cuda)
Red Hat AI Inference Model Optimization Tools 3.4.1 cuda is now available. Red Hat AI Inference Model Optimization Tools...
Important: Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (spyre)
Red Hat AI Inference 3.4.1 spyre is now available. Red Hat AI Inference...
Important: Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (cpu)
Red Hat AI Inference 3.4.1 cpu is now available. Red Hat AI Inference...
CVE-2026-7782
A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...
CVE-2026-23902
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...
Astra Linux – Vulnerability in libarchive
In libarchive versions 3.4.1 through 3.5.1, there is a use-after-free in the copystring function called from douncompressblock and processblock...
Exploit for CVE-2026-8181
EN: Controlled PoC and brief technical notes for authorized secu...
CodeCanyon Perfex CRM 授权问题漏洞
CodeCanyon Perfex CRM is a self-hosted customer relationship management software developed by CodeCanyon. Versions of CodeCanyon Perfex CRM 3.4.1 and earlier contained an authorization vulnerability. This vulnerability stemmed from the operation of the parameter ID in the function Clients::projec...
Incorrect Authorization
Overview org.apache.dolphinscheduler:dolphinscheduler-dao is an A visual DAG workflow scheduling system, dedicated to solving the complex dependencies in data processing. Affected versions of this package are vulnerable to Incorrect Authorization during workflow execution. An attacker can gain...