58 matches found
CVE-2026-45043
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user minioadmin. The endpoint...
@puchunjie/doc-tools-mcp (>=1.0.11 <=1.0.14) potentially affected by CVE-2026-7738 via @puchunjie/doc-tools-mcp (=1.0.18)
@puchunjie/doc-tools-mcp NPM version =1.0.18 is affected by a known vulnerability. The following packages have a transitive dependency on @puchunjie/doc-tools-mcp and may be impacted: - @puchunjie/doc-tools-mcp =1.0.11, =1.0.14 Source cves: CVE-2026-7738 Source advisory: OSV:GHSA-GCMM-C94J-J47X...
CVE-2026-25347 WordPress WP REST Cache plugin <= 2026.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acato WP REST Cache wp-rest-cache allows Stored XSS. This issue affects WP REST Cache: from n/a through <= 2026.1.0...
apache-airflow-core (>=3.1.0 <=3.1.7rc2), apache-airflow-providers-common-compat (>=1.6.0 <=1.7.3rc1) +14 more potentially affected by CVE-2026-30911 via apache-airflow (>=3.1.0 <=3.1.7rc2)
apache-airflow PYPI version =3.1.0, =3.1.0, =1.6.0, =1.5.3, =1.26.0, =2.0.2, =0.4.0, =1.1.0, =12.0.0, =7.0.0, =1.15.0, =0.34.0, =1.9.0, =1.37.0, =1.26.0, =1.26.18rc1 and more Source cves: CVE-2026-30911 Source advisory: OSV:PYSEC-2026-17...
Drupal Commerce Paybox security vulnerabilities
Drupal Commerce Paybox is a payment plugin for the Drupal community. There are security vulnerabilities in the Drupal Commerce Paybox versions 7-x-1.0 to 7.X-1.5. These vulnerabilities stem from improper encryption signature verification, which may lead to authentication bypasses...
Campcodes Online Loan Management System security vulnerability
CampCodes Online Loan Management System is an online loan management system from CampCodes Philippines, Inc. A security vulnerability exists in Campcodes Online Loan Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter loanid in...
CVE-2022-32374
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/getsubjectrouting.php?id=...
CVE-2019-10708
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter...
CVE-2025-25286
CVE-2025-25286 affects Crayfish’s Homarus FFmpeg microservice. Prior to Crayfish 4.1.0, remote code execution could occur in web-accessible installations in certain configurations. The issue has been patched in islandora/crayfish:4.1.0. Workarounds include preventing Internet access to Homarus or...
Malicious code in verida-tech-demos (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ded9af82932dfcd9a6021dbd383ebadc322bdfc63b8c68d1981537b14ab226b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
OPENSUSE-SU-2024:11780-1 libpolkit-agent-1-0-0.120-2.1 on GA media
These are all security issues fixed in the libpolkit-agent-1-0-0.120-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10033-1 liblightdm-gobject-1-0-1.21.1-1.1 on GA media
These are all security issues fixed in the liblightdm-gobject-1-0-1.21.1-1.1 package on the GA media of openSUSE Tumbleweed...
BIT-PYTHON-2020-8315
In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
CVE-2021-4034-CTF-writeup This is a CTF pwn challenge that I w...
Square Pig FusionInvoice cross-site scripting vulnerability
Square Pig FusionInvoice is a self-service online invoicing application for freelancers and small businesses from Square Pig. A security vulnerability exists in Square Pig FusionInvoice version 2023-1.0 that stems from the presence of a stored cross-site scripting XSS vulnerability...
CVE-2023-23879
Cross-Site Request Forgery CSRF vulnerability in Nicolas Zeh PHP Execution plugin = 1.0.0 versions...
SUSE CVE-2020-8315
In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected...
GHSA-FHG7-M89Q-25R3 ReDoS Vulnerability in ua-parser-js version
Description: A regular expression denial of service (ReDoS) vulnerability has been discovered in ua-parser-js. Impact: This vulnerability bypasses the library's MAXLENGTH input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to g...
Ubuntu 16.04 ESM : pixman vulnerability (USN-5718-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5718-2 advisory. USN-5718-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has extracted the...