Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A issue was discovered in the drivers/usb/storage/eneub6250.c file for the ENE UB6250 reader driver in the Linux kernel before version 6.2.5. An object could potentially extend beyond the end of an allocation...

EUVD-2026-30364

Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp Dmitry Prokhorov / Positive Technologies, March 2026 is incomplete. It has an incomplete IPv6 prefix list and is missing redirect re-validatio...

NPM: nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)

NPM: nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix IPv6 + redirect vulnerability discovered by ? in WordPress Npm nuxt-og-image versions = 6.2.5, 6.4.9...

VulnCheck KEV: CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

GHSA-2JP3-2923-9H52 Apache ActiveMQ Vulnerable to Cross-site Scripting

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...

CVE-2026-34404

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a Denial of Service DoS vulnerability. The issue arises because there is no restriction on the width and height...

CVE-2026-34405

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

CVE-2026-34405 Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

CVE-2026-25633

Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to a missing authorization that allows access to assets. An attacker can access and download sensitive files and view their metadata by sending requests as an authenticated user without the necessary permission...

PT-2026-7664

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.6 Statamic versions prior to 6.2.5 Description Statamic is a Laravel and Git powered CMS designed for building websites. Users without the necessary permissions to view assets are able to download them and view...

Statamic 安全漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows for storing all content, templates, assets, and settings in files rather than in a database. There were security vulnerabilities in versions of Statamic 5.73.6 and 6.2.5, which stemmed from improper access control...

EUVD-2017-6091

Malware in sbrugna...

EUVD-2019-19205

Malware in sbrugna...

EUVD-2017-6090

Malware in sbrugna...

EUVD-2020-30597

Malware in sbrugna...

EUVD-2020-30608

Malware in sbrugna...

EUVD-2024-54789

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-15767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmdload function in frontend/cmd.cc via a crafted chess position in an EPD file. CVE-2019-1576...

Third-Party Dependency in Crowd Data Center

Note: Aligning with our security bug fix policy|https://www.atlassian.com/trust/security/bug-fix-policy, this vulnerability has been fixed in our latest release only This Critical severity Third-Party Dependency vulnerability was introduced in version 6.1.1 of Crowd Data Center. This Third-Party...