972 matches found
WP Helper Lite < 4.3 - Cross-Site Scripting
The WP Helper Lite WordPress plugin, in versions 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. id: CVE-2023-0448 info: name: WP Helper Lite 4.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | T...
EUVD-2026-33734
OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...
CVE-2026-40989 Self Routing guard bypassed via function composition
Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...
PT-2026-45515
OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...
GHSA-86WQ-234Q-R6WG Spring Cloud Config Server Susceptible To TOCTOU Attack
The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...
CVE-2026-40982
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in axios
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in axios. CVE-2026-25639 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions...
EUVD-2026-19665
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadtemplate allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem. For .jinja files the...
CVE-2026-35483
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadtemplate allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem. For .jinja files the...
CVE-2019-25657
AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the image conversion function. Attackers can paste a large buffer into the source or destination image file fields and click Convert Now to...
CVE-2018-25216
AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image'...
CVE-2018-25216 AnyBurn 4.3 Denial of Service Local Buffer Overflow
AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image'...
PT-2026-28253
AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image'...
INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown
An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red Card 2.0, took place between December 8, 2025 and January...
Ntopng Authentication Bypass
Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng = 4.2 id: CVE-2021-28073 info: name: Ntopng Authentication Bypass author: z3bd severity: critical description: Ntopng, a passive network monitoring tool, contains an authentication bypass...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004086)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004086 advisory. The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto...
CVE-2018-10051
iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter...
CVE-2021-28042
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution...
CVE-2016-10896
The seo-redirection plugin before 4.3 for WordPress has stored XSS...
CVE-2019-2733
Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite subcomponent: Product Security. The supported version that is affected is 7.3.1.5.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...