Lucene search

57 matches found

Vulnrichment
added 2026/03/12 9:47 p.m. | 3 views

CVE-2026-32612 Statamic: privilege escalation via stored cross-site scripting

Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. Th...

CVSS 5.4 | AI score 5.7 | EPSS 0.00016
Exploits: 2 | References: 2

Veracode
added 2026/02/21 5:6 a.m. | 3 views

Infinite Loop

pypdf is vulnerable to an infinite loop. The vulnerability is present in versions prior to 6.6.2, where an attacker can craft a PDF which leads to an infinite loop by accessing the outlines/bookmarks...

CVSS 5.1 | AI score 5.7 | EPSS 0.00014
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/01/29 12:0 a.m. | 0 views

OPENSUSE-SU-2026:10116-1 python311-pypdf-6.6.2-1.1 on GA media

These are all security issues fixed in the python311-pypdf-6.6.2-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5.1 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 1

NVD
added 2026/01/27 8:16 p.m. | 4 views

CVE-2026-24688

pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects...

CVSS 5.1 | EPSS 0.00014
Exploits: 1 | References: 4

OSV
added 2026/01/27 8:16 p.m. | 0 views

UBUNTU-CVE-2026-24688

pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects...

CVSS 5.1 | AI score 5.7 | EPSS 0.00014
Exploits: 1 | References: 6

UbuntuCve
added 2026/01/27 8:16 p.m. | 2 views

CVE-2026-24688

pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects...

CVSS 5.1 | AI score 5.7 | EPSS 0.00014
Exploits: 1 | References: 5

ATTACKERKB
added 2026/01/27 7:44 p.m. | 3 views

CVE-2026-24688

pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects...

CVSS 5.1 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/01/27 7:44 p.m. | 52 views

CVE-2026-24688

CVE-2026-24688 affects the pypdf library (Python). The vulnerability is an infinite loop in outline/bookmark processing that can be triggered by crafting a PDF; versions before 6.6.2 are vulnerable. The issue is fixed in pypdf 6.6.2. If upgrading is not yet possible, apply the changes from PR #36...

CVSS 5.1 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 4 | Affected Software: 1

Github Security Blog
added 2026/01/26 11:37 p.m. | 8 views

pypdf has possible Infinite Loop when processing outlines/bookmarks

Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. Patches: This has been fixed in pypdf 6.6.2. Workarounds: If projects cannot upgrade yet, consider applying the changes from PR 3610...

CVSS 5.1 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 6 | Affected Software: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : varnish-6.6.2-2.el9.1 (AXSA:2023-4930:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4930:01 advisory. varnish: Request Forgery Vulnerability (CVE-2022-45060). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVSS 7.5 | AI score 7.5 | EPSS 0.00856
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : varnish-6.6.2-3.el9.1 (AXSA:2023-6534:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6534:03 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487). Tenable has extracted the preceding description...

CVSS 7.5 | AI score 7.5 | EPSS 0.944
Exploits: 19 | References: 2

Positive Technologies
added 2026/01/08 12:0 a.m. | 3 views

PT-2026-1743

Name of the Vulnerable Software and Affected Versions: Elliptic versions prior to 6.6.2. Description: The ECDSA implementation within the Elliptic package produces incorrect signatures when an interim value of k calculated according to step 3.2 of RFC 6979 contains leading zeros, making it susceptib...

CVSS 5.6 | AI score 6.5 | EPSS 0.00013
Exploits: 0 | References: 5

Vulnrichment
added 2025/11/10 10:32 p.m. | 2 views

CVE-2018-25124 PacsOne Server 6.6.2 DICOM Web Viewer Directory Traversal LFI

PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...

CVSS 8.7 | AI score 6.5 | EPSS 0.01161
Exploits: 0 | References: 3

CNNVD
added 2025/11/10 12:0 a.m. | 2 views

Rainbowfish RainbowFish PacsOne Server security vulnerability

Rainbowfish RainbowFish PacsOne Server is an image archiving and communication system server from Rainbow Software Rainbowfish, USA. The system should be used to save incoming images. A security vulnerability exists in Rainbowfish RainbowFish PacsOne Server version 6.6.2, which stems from a...

CVSS 8.7 | AI score 6.7 | EPSS 0.01161
Exploits: 0 | References: 4

GithubExploit
added 2025/09/26 10:11 a.m. | 207 views

Exploit for Use After Free in Linux Linux_Kernel

CVE-2024-0582 PoC: This repository contains a proof of conce...

CVSS 7.8 | AI score 6.8 | EPSS 0.00763
Exploits: 9

RedhatCVE
added 2025/05/23 9:12 a.m. | 1 views

CVE-2024-30454

Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS. This issue affects WP SMS: from n/a through 6.6.2...

CVSS 8.8 | AI score 8.6 | EPSS 0.00171
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:6 a.m. | 5 views

CVE-2024-45793

Confidant is an open source secret management service that provides user-friendly storage and access to secrets. The following endpoints are subject to a cross site scripting vulnerability: GET /v1/credentials, GET /v1/credentials/, GET /v1/archive/credentials/, GET /v1/archive/credentials, POST...

CVSS 4.8 | AI score 4.8 | EPSS 0.00108
Exploits: 0

CVE
added 2025/04/16 12:44 p.m. | 43 views

CVE-2025-39546

CVE-2025-39546 – A CSRF vulnerability in WordPress plugin ElementsReady Addons for Elementor affects versions up to and including 6.6.2. Descriptions from NVD, Red Hat, and Patchstack confirm the CSRF issue and the affected product/version range. Patchstack indicates the vulnerability has been pa...

CVSS 4.3 | AI score 7.2 | EPSS 0.00245
Exploits: 0 | References: 1

Patchstack
added 2024/11/20 12:0 a.m. | 13 views

WordPress Block Editor Bootstrap Blocks Plugin <= 6.6.1 is vulnerable to Cross Site Scripting (XSS)

Software: Block Editor Bootstrap Blocks; Type: Plugin; Vulnerable versions: <= 6.6.1; Fixed in: 6.6.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11402; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 0635cf898925; Credits: Le Ngoc Anh; Requir...

AI score 6.5 | EPSS 0.00084
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2024/11/14 12:0 a.m. | 10 views

Fedora 41 : mingw-qt6-qt3d / mingw-qt6-qt5compat / mingw-qt6-qtactiveqt / etc (2024-350e1aaa3c)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-350e1aaa3c advisory. Update to 6.6.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVSS 6.2 | AI score 7.1 | EPSS 0.00068
Exploits: 0 | References: 2