925 matches found
openbabel buffer error vulnerability
OpenBabel is an open-source chemical toolkit software developed by Open Babel. Versions of OpenBabel 3.1.1 and earlier contained a buffer error vulnerability, which stemmed from an out-of-bounds read in the function OpenBabel::transform3d::DescribeAsString located in the file...
openbabel buffer error vulnerability
OpenBabel is an open-source chemical toolkit software developed by Open Babel. Versions of OpenBabel 3.1.1 and earlier contained a buffer error vulnerability, which stemmed from an out-of-bounds read in the function OBAtom::SetFormalCharge within the library file include/openbabel/atom.h...
UBUNTU-CVE-2026-26014
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...
UTT 521G command injection vulnerability
UTT 521G is a router produced by the Chinese company UTTC. The version 3.1.1-190816 of UTT 521G has a command injection vulnerability. This vulnerability stems from incorrect operations on the parameter passwd1 in the file /goform/setSysAdm, which may lead to command injection...
CVE-2026-24988
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS. This issue affects The Events Calendar Shortcode & Block: from n/a through <= 3.1.1...
WordPress The Events Calendar Shortcode & Block plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by PPzzAArr in WordPress Plugin The Events Calendar Shortcode & Block versions <= 3.1.1...
CVE-2026-1778
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
EUVD-2026-5313
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS. This issue affects The Events Calendar Shortcode & Block: from n/a through <= 3.1.1...
CVE-2026-24988
CVE-2026-24988 concerns a Stored XSS in WordPress plugin The Events Calendar Shortcode & Block, affected through version 3.1.1. The root cause is improper input handling during web-page generation (improper neutralization of input), enabling injection of malicious scripts. Multiple sources (Red H...
CVE-2026-24988 WordPress The Events Calendar Shortcode & Block plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS. This issue affects The Events Calendar Shortcode & Block: from n/a through <= 3.1.1...
WordPress plugin The Events Calendar Shortcode & Block cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Graphql Modules: Race Condition Vulnerability
Graphql Modules is a backend framework for GraphQL servers, open-sourced by Hive. Versions of Graphql Modules from 2.2.1 to 2.4.1, as well as versions before 3.1.1, have a race condition vulnerability. This vulnerability stems from context confusion during parallel requests, which may lead to...
MiracleLinux 7 : xerces-c-3.1.1-7.el7 (AXSA:2015-223:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-223:01 advisory. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data...
WordPress Digihood HTML Sitemap plugin <= 3.1.1 - Reflected Cross-Site Scripting via 'channel' vulnerability
Reflected Cross-Site Scripting via 'channel' vulnerability discovered by vgo0 in WordPress Plugin Digihood HTML Sitemap versions <= 3.1.1...
CVE-2025-68278
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...
Arbitrary Code Injection
Overview: tinacms is a headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Arbitrary Code Injection via the improper use of gray-matter package. An attacker can execute arbitrary code on the server by submitti...
CVE-2025-68278
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...
CVE-2025-68278 tinacms vulnerable to arbitrary code execution
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...
CVE-2025-68278
CVE-2025-68278 affects tinacms prior to 3.1.1, where insecure use of the gray-matter package allows attackers who can control markdown front matter (e.g., blog posts) to execute arbitrary code. The issue spans tinacms, @tinacms/cli (v2.0.4), and @tinacms/graphql (v2.0.3). A fix is available in ti...
CVE-2025-68278 tinacms vulnerable to arbitrary code execution
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...