167 matches found
BIT-JRE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
BIT-JAVA-2025-27113
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c...
Astra Linux - уязвимость в grub2
A heap out-of-bounds write may occur during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. The impacts on confidentiality, integrity, and availability are considered low, as it is very complex for an attacker to control the encoding and...
CVE-2026-39856
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...
CVE-2026-39853
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...
EUVD-2026-20946
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...
CVE-2026-39563 WordPress Share This Image plugin <= 2.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through = 2.12...
WordPress plugin Share This Image 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Share This Image plugin <= 2.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Share This Image versions = 2.12...
EUVD-2026-15532
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through = 2.12...
CVE-2026-22516
CVE-2026-22516 is a Local File Inclusion vulnerability affecting WordPress plugin/theme Wizor's Wizor's Investments, specifically versions up to and including 2.12. The issue is described as an improper control of filename for Include/Require statements in PHP, enabling PHP Local File Inclusion (...
CVE-2026-22516 WordPress Wizor's theme <= 2.12 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through = 2.12...
CVE-2026-22516 WordPress Wizor's theme <= 2.12 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through = 2.12...
PT-2026-27837
Name of the Vulnerable Software and Affected Versions AncoraThemes Wizor's wizors-investments versions through 2.12 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows...
ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.4_2.12 (>=0.25 <=1.2.7) +1743 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.12 (>=2.4.0 <=3.5.6)
org.apache.spark:spark-core2.12 MAVEN version =2.4.0, =0.25-rc1, =0.25, =0.25, =1.0.1, =1.0.6, =1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.0.9 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...
WordPress Wizor's theme <= 2.12 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wizor's versions = 2.12...
CVE-2026-27987 WordPress The Qlean theme <= 2.12 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX The Qlean the-qlean allows PHP Local File Inclusion.This issue affects The Qlean: from n/a through = 2.12...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in in Azure Compute Gallery, which writes MAA tokens in the debug log. Remediation Upgrade github.com/Microsoft/confidential-sidecar-containers/pkg/common to version 2.12 or higher. References ...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in in Azure Compute Gallery, which writes MAA tokens in the debug log. Remediation Upgrade github.com/Microsoft/confidential-sidecar-containers/pkg/skr to version 2.12 or higher. References -...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in in Azure Compute Gallery, which writes MAA tokens in the debug log. Remediation Upgrade github.com/Microsoft/confidential-sidecar-containers/cmd/azmount/filemanager to version 2.12 or higher...