SUSE CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

CVE-2026-44740

CVE-2026-44740 affects the go-billy interface filesystem abstraction. Before 5.9.0 and 6.0.0-alpha.1, multiple components may mishandle crafted input, risking panics, infinite loops, uncontrolled recursion, or excessive resource consumption due to missing validation, cycle detection, and defensiv...

go-billy security vulnerabilities

Go-Billy is an open-source file system abstraction library developed by go-git. Versions of Go-Billy prior to 5.9.0 and 6.0.0-alpha.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of specially crafted or malformed inputs by multiple components, which cou...

CVE-2026-44973

Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths e.g., using .. to escape intended base directories. While go-billy was...

Improper Validation of Array Index

Overview github.com/jackc/pgx/v5/pgproto3 is a low-level PostgreSQL database driver Affected versions of this package are vulnerable to Improper Validation of Array Index in the Bind.Decode function. An attacker can cause unexpected memory access or application crashes by sending specially crafte...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the Bind.Decode function. An attacker can cause unexpected memory access or application crashes by sending specially crafted input with negative parameter length to bypass validation and cause an...

Incorrect Comparison

Overview github.com/jackc/pgx/v5/pgproto3 is a low-level PostgreSQL database driver Affected versions of this package are vulnerable to Incorrect Comparison in the FunctionCall.Decode function. An attacker can cause a crash on 64-bit machine by sending a null argument in a FunctionCall response...

python311-cbor2-5.9.0-1.1 on GA media (moderate)

python311-cbor2-5.9.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10425-1 Rating: moderate Cross-References: CVE-2026-26209 CVSS scores: CVE-2026-26209 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-26209 SUSE : 8.7...

CVE-2026-25317

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through = 5.9.0...

EUVD-2026-15641

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through = 5.9.0...

CVE-2026-25317

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through = 5.9.0...

PT-2026-27898

Name of the Vulnerable Software and Affected Versions Print Invoice & Delivery Notes for WooCommerce versions through 5.9.0 Description An authorization issue exists in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes. The issue involves exploiting...

CVE-2026-33051 Craft CMS Vulnerable to Stored XSS in Revision Context Menu

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

CVE-2026-2645

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 wolfSSL 5.8.2 and earlier is...

CVE-2026-28781

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

Linux Distros Unpatched Vulnerability : CVE-2026-24351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website,...

Linux Distros Unpatched Vulnerability : CVE-2026-24352

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour...

Authorization Bypass Through User-Controlled Key

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the actionSendActivationEmail function. An attacker can gain unauthorized access to user accounts or enumerate user states by submitting...

CVE-2026-28782

Craft is a content management system CMS. Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission where the "Duplicate" action is...

CVE-2026-28782 Craft has a Permission Bypass and IDOR in Duplicate Entry Action

Craft is a content management system CMS. Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission where the "Duplicate" action is...