80 matches found
PT-2026-44225
Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...
OESA-2026-2327 lcms2 security update
LittleCMS intends to be an OPEN SOURCE small-footprint color management engine, with special focus on accuracy and performance. It uses the International Color Consortium standard (ICC), which is the modern standard with regard to color management. The ICC specification is widely used and is...
OESA-2026-2326 lcms2 security update
LittleCMS intends to be an OPEN SOURCE small-footprint color management engine, with special focus on accuracy and performance. It uses the International Color Consortium standard (ICC), which is the modern standard with regard to color management. The ICC specification is widely used and is...
GHSA-QH7Q-6QM3-653W Jupyter Server has an open redirection vulnerability in `next` query parameter
Summary: The `?next=...` URL query parameter has an open redirection vulnerability. In jupyterserver=2.17.0, this URL query parameter allows redirection to arbitrary external domains, which can be exploited to facilitate phishing attacks on server users. Details: The vulnerability is caused by...
UBUNTU-CVE-2026-42798
Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...
Linux Distros Unpatched Vulnerability : CVE-2026-42798
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c. CVE-2026-42798 Note that Nessus relies on the presence of the...
CVE-2026-42798
Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...
CVE-2026-42798
Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...
CVE-2026-42798
Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...
Little CMS input validation error vulnerability
Little CMS (lcms or liblcms) is an open-source color management system developed by Marti Maria. This system offers features such as black-point compensation, processing of various pixel formats, and configuration file editing. Versions 2.16 to 2.18 of Little CMS, as well as earlier versions, had a...
UBUNTU-CVE-2026-41254
Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...
Little CMS security vulnerability
Little CMS (lcms or liblcms) is an open-source color management system developed by Marti Maria. This system offers features such as black-point compensation, processing of various pixel formats, and configuration file editing. Versions of Little CMS prior to 2.18 contained a security...
PT-2026-33596
Name of the Vulnerable Software and Affected Versions: Little CMS lcms2 versions prior to 2.19. Description: An integer overflow occurs in the CubeSize calculation within the cmslut.c file because the overflow check is executed after the multiplication operation. Recommendations: Update to a version...
CVE-2026-28096 WordPress WealthCo theme <= 2.18 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX WealthCo wealthco allows PHP Local File Inclusion. This issue affects WealthCo: from n/a through <= 2.18...
PT-2026-23371
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX WealthCo wealthco allows PHP Local File Inclusion. This issue affects WealthCo: from n/a through <= 2.18...
WordPress plugin Invetex security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-65465
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...
CVE-2025-65465
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...
CVE-2025-65465
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...
CVE-2025-42620
The CVE-2025-42620 issue affects Vulnerability-Lookup prior to 2.18.0. The root cause is unsafe handling of user-controlled content in comments and bundles: the backend’s related_vulnerabilities field accepts unvalidated strings, while the frontend converts Markdown to HTML and injects it into th...