Lucene search

126 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux - vulnerability in hdf5

There is a heap-based buffer overflow vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00106
Exploits: 1 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in hdf5

A buffer overflow in H5Olayoutencode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service through a crafted HDF5 file. This issue was triggered during the repacking of an HDF5 file, also known as “Invalid write of size 2.”...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00482
Exploits: 1 | References: 2
EUVD
added 2026/02/04 7:35 p.m., 5 views

EUVD-2026-5368

Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an attacker can caus...

CVSS: 8.4 | AI score: 5.6 | EPSS: 0.00008
Exploits: 1 | References: 3
Vulnrichment
added 2026/02/04 7:35 p.m., 2 views

CVE-2026-24884 Compressing Vulnerable to Arbitrary File Write via Symlink Extraction

Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an attacker can caus...

CVSS: 8.4 | AI score: 5.6 | EPSS: 0.00008
Exploits: 1 | References: 3
NVD
added 2026/01/23 12:15 a.m., 3 views

CVE-2026-24137

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

CVSS: 5.8 | EPSS: 0.00016
Exploits: 0 | References: 3
OSV
added 2026/01/23 12:15 a.m., 2 views

DEBIAN-CVE-2026-24137

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

CVSS: 5.8 | AI score: 6.9 | EPSS: 0.00016
Exploits: 0 | References: 1
OSV
added 2026/01/23 12:4 a.m., 4 views

CVE-2026-24137 sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

CVSS: 5.8 | AI score: 5.7 | EPSS: 0.00016
Exploits: 0 | References: 5
Cvelist
added 2026/01/23 12:4 a.m., 29 views

CVE-2026-24137 sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

CVSS: 5.8 | EPSS: 0.00016
Exploits: 0 | References: 3
Debian CVE
added 2026/01/23 12:4 a.m., 5 views

CVE-2026-24137

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

CVSS: 5.8 | AI score: 6.9 | EPSS: 0.00016
Exploits: 0
ATTACKERKB
added 2026/01/23 12:4 a.m., 2 views

CVE-2026-24137

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

CVSS: 5.8 | AI score: 5.5 | EPSS: 0.00016
Exploits: 0 | References: 4 | Affected Software: 1
UbuntuCve
added 2026/01/23 12:0 a.m., 6 views

CVE-2026-24137

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

CVSS: 5.8 | AI score: 6.7 | EPSS: 0.00016
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/22 12:0 a.m., 6 views

PT-2026-4316

Name of the Vulnerable Software and Affected Versions sigstore framework versions 1.10.3 and below Description The sigstore framework, a common Go library used across sigstore services and clients, contains an issue in the legacy TUF client pkg/tuf/client.go. This client supports caching target...

CVSS: 5.8 | AI score: 5.6 | EPSS: 0.00016
Exploits: 0 | References: 223
RedhatCVE
added 2026/01/10 5:41 a.m., 1 view

CVE-2025-67926

Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fluent Support: from n/a through <= 1.10.4...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00051
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:56 a.m., 4 views

CVE-2023-40214

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vathemes Business Pro theme <= 1.10.4 versions...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00104
Exploits: 0 | References: 1
NVD
added 2026/01/08 10:15 a.m., 1 view

CVE-2025-67926

Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fluent Support: from n/a through <= 1.10.4...

CVSS: 6.5 | EPSS: 0.00051
Exploits: 0 | References: 1
CVE
added 2026/01/08 9:17 a.m., 7 views

CVE-2025-67926

CVE-2025-67926 is a public WordPress vulnerability described by Wordfence in the January 2026 weekly vulnerability report. It is a Missing Authorization issue in Fluent Support (WordPress plugin) where access control is incorrectly configured, affecting Fluent Support versions up to 1.10.4. The C...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00051
Exploits: 0 | References: 1
Cvelist
added 2026/01/08 9:17 a.m., 23 views

CVE-2025-67926 WordPress Fluent Support plugin <= 1.10.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fluent Support: from n/a through <= 1.10.4...

CVSS: 6.5 | EPSS: 0.00051
Exploits: 0 | References: 1
CNNVD
added 2026/01/08 12:0 a.m., 2 views

WordPress plugin Fluent Support security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00051
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/08 12:0 a.m., 2 views

PT-2026-1902

Name of the Vulnerable Software and Affected Versions Shahjahan Jewel Fluent Support versions through 1.10.4 Description An authorization issue exists in Fluent Support that allows exploitation of incorrectly configured access control security levels. Recommendations Versions prior to and includi...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00051
Exploits: 0 | References: 4
Patchstack
added 2026/01/05 11:55 a.m., 3 views

WordPress Fluent Support plugin <= 1.10.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Fluent Support versions <= 1.10.4...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00051
Exploits: 0 | Affected Software: 1