19 matches found

EUVD
added 3 days ago | 5 views

EUVD-2026-34246

A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a...

3.6 CVSS | 5 AI score | 0.00009 EPSS
Exploits 0 | References 7

Patchstack
added 2026/05/07 10:26 a.m. | 13 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export vulnerability

Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export vulnerability discovered by anhcd05 - VNPT Cyber Immunity in WordPress Plugin Forminator versions <= 1.53.0...

6.5 CVSS | 5.8 AI score | 0.0001 EPSS
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2026/05/05 12:0 a.m. | 5 views

PT-2026-36978

Name of the Vulnerable Software and Affected Versions: Forminator plugin for WordPress versions prior to 1.53.0. Description: An authorization bypass exists because the plugin fails to properly verify user authorization when processing Stripe PaymentIntent identifiers in the public payment flow. Thi...

5.3 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2025/08/27 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-41952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection...

6.5 CVSS | 5.9 AI score | 0.00552 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 11:39 p.m. | 4 views

CVE-2022-41952

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after max_spider_size (default: 10M) bytes have been downloaded, which can in some cases lead to...

6.5 CVSS | 6.8 AI score | 0.00552 EPSS
Exploits 0 | References 1

OSSF Malicious Packages
added 2024/12/12 10:4 p.m. | 4 views

Malicious code in azuredatastudio (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f18b345dc494772b0800d6b81807d5d930ceb567876dab5d06e478d66f5cda77 The OpenSSF Package Analysis project identified 'azuredatastudio' @ 1.53.0 npm as malicious. It is considered malicious because: - The package...

6.9 AI score
Exploits 0

CNNVD
added 2024/03/29 12:0 a.m. | 2 views

Nextcloud NextcloudPi Security Vulnerability

Nextcloud NextcloudPi is a library from Nextcloud Germany. A security vulnerability exists in NextcloudPi 1.53.0 and earlier versions, which stems from the presence of a command injection vulnerability that allows an attacker to execute commands via the NextCloudPi web panel as the root user...

10 CVSS | 7.8 AI score | 0.01562 EPSS
Exploits 0 | References 2

RedHat Linux
added 2024/02/27 2:24 a.m. | 63 views

Low: Red Hat Security Advisory: Red Hat OpenShift distributed tracing 3.1.0 operator/operand containers

Red Hat OpenShift distributed tracing 3.1.0. Red Hat Product Security has rated this update as having a security impact of "Low". A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

7.3 CVSS | 6.7 AI score | 0.00103 EPSS
Exploits 1 | References 13

NVD
added 2022/11/22 4:15 p.m. | 10 views

CVE-2022-41952

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after max_spider_size (default: 10M) bytes have been downloaded, which can in some cases lead to...

6.5 CVSS | 0.00552 EPSS
Exploits 0 | References 5

OSV
added 2022/11/22 4:15 p.m. | 1 views

UBUNTU-CVE-2022-41952

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after max_spider_size (default: 10M) bytes have been downloaded, which can in some cases lead to...

6.5 CVSS | 5.8 AI score | 0.00552 EPSS
Exploits 0 | References 7

CNNVD
added 2022/11/22 12:0 a.m. | 3 views

synapse Resource Management Error Vulnerability

synapse is an open source application developed by Matrix. Used for open federated instant messaging and VoIP. A resource management error vulnerability exists in Matrix synapse versions prior to 1.53.0, which stems from Synapse generating URL previews of media streams without limiting the...

6.5 CVSS | 6.7 AI score | 0.00552 EPSS
Exploits 0 | References 7

OSV
added 2022/11/22 12:0 a.m. | 22 views

CVE-2022-41952 Uncontrolled Resource Consumption in Matrix Synapse

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after max_spider_size (default: 10M) bytes have been downloaded, which can in some cases lead to...

6.5 CVSS | 5.9 AI score | 0.00552 EPSS
Exploits 0 | References 7

Github Security Blog
added 2022/05/17 3:51 a.m. | 7 views

Jenkins Monitoring Plugin Reveals Sensitive Information via Unspecified Pages

The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages...

5 CVSS | 6.4 AI score | 0.00236 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2021/08/07 5:15 p.m. | 0 views

UBUNTU-CVE-2021-29922

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation...

9.1 CVSS | 5.8 AI score | 0.00343 EPSS
Exploits 1 | References 7

Prion
added 2021/08/07 5:15 p.m. | 17 views

Improper access control

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation...

6.4 CVSS | 8.9 AI score | 0.00343 EPSS
Exploits 1 | References 6 | Affected Software 1

AlpineLinux
added 2021/08/07 12:0 a.m. | 31 views

CVE-2021-29922

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation...

9.1 CVSS | 9.2 AI score | 0.00343 EPSS
Exploits 1

CNVD
added 2021/05/06 12:0 a.m. | 9 views

Rust Resource Management Error Vulnerability (CNVD-2021-33044)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in the standard library in versions of Rust prior to 1.53.0, which stems from a double release that occurs in the Vec::from_iter function. No details of the...

9.8 CVSS | 6.4 AI score | 0.00737 EPSS
Exploits 1 | References 1

CNNVD
added 2021/04/14 12:0 a.m. | 1 views

Rust Resource Management Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in the standard library in versions of Rust prior to 1.53.0, which stems from a double release that occurs in the Vec::from_iter function. No details of the...

9.8 CVSS | 5.6 AI score | 0.00737 EPSS
Exploits 1 | References 12

RedHat Linux
added 2014/10/14 1:1 p.m. | 1 views

jenkins: cross-site scripting flaws in the monitoring plug-in (SECURITY-113)

Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3 CVSS | 5.9 AI score | 0.00254 EPSS
Exploits 0 | References 4