CVE-2026-49454 Relyra SAML SignatureValue not cryptographically verified -> authentication bypass
Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...
@0xwork/connect (=0.1.8), @a5c-ai/agent-platform (>=5.0.1-staging.40a93c240e7b <=5.0.1-staging.d8bdfcceaf4a) +229 more potentially affected by unknown CVE via @mistralai/mistralai (>=2.1.2 <=2.2.1)
@mistralai/mistralai NPM version =2.1.2, =5.0.1-staging.40a93c240e7b, =5.0.1-staging.40a93c240e7b, =5.0.1-staging.40a93c240e7b, =1.0.0, =0.6.10, =0.1.0, =0.1.1, =0.1.3, =0.1.0, =0.1.13, =0.1.14, =0.1.0-alpha.2, =1.0.0, =1.0.3 and more Source cves: unknown CVE Source advisory:...
CVE-2026-27629
InvenTree CVE-2026-27629 is a Server-Side Template Injection (SSTI) in PART_NAME_FORMAT prior to 1.2.3. A staff member with settings access could modify a jinja2 template used during batch code generation; after validation, this template could be used by other users to exfiltrate data or execute ...
CVE-2026-22220 Improper Input Validation Leading to DoS on TP-Link Archer BE230
A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 web modules may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the...
CVE-2022-31875
Trendnet IP-110wn camera fwtv-ip110wnv21.2.2.68 has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi...
Malicious Package
Overview mad-8.2.1.2.2.8 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2005-3850
Malware in sbrugna...
EUVD-2022-42288
Malicious code in bioql PyPI...
CVE-2025-59142
CVE-2025-59142 affects the color-string library (JavaScript) with a malware payload injected in version 2.1.1 after an npm account take-over. The payload targets browser contexts to attempt redirection of cryptocurrency transactions (e.g., to attacker wallets) when the package is used in web envi...
CVE-2024-49373
No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not a part of. Version 1.2.1 fixes the problem...
CVE-2022-39843
123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain...
CVE-2023-5776
The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdmwpajaxdeletemeta, pmdmwpdeleteusermeta, and pmdmwpdeleteusermeta functions. This makes it possible for...
AZL-43480 CVE-2023-25563 affecting package gssntlmssp 0.9.0-2
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of...
CVE-2022-20513
In decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:...
PT-2022-14726 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: The issue is related to a possible out of bounds read in the decrypt12 function of CryptoPlugin.cpp due to a missing bounds check. This could lead to local information disclosure without requiring...
CVE-2022-39843
CVE-2022-39843 affects 123elf Lotus 1-2-3 on Linux and Lotus 1-2-3 R3 on UNIX/other platforms. It is caused by a stack-based buffer overflow in the cell format processing routines, exploitable via a crafted worksheet and reachable through a w3r_format element in a wk3 document. Impact is arbitrar...