33 matches found

CNNVD
added 2026/05/03 12:0 a.m. · 3 views

Telegram Desktop Security Vulnerability

Telegram Desktop is the desktop version of Telegram’s open-source instant messaging mobile application. Versions of Telegram Desktop prior to 6.7.5 contained a security vulnerability. This vulnerability stemmed from the function RequestButton in the Bot API component, specifically the handling of...

5.3 CVSS · 5.8 AI score · 0.00012 EPSS
Exploits 0 · References 6

Positive Technologies
added 2026/04/30 12:0 a.m. · 4 views

PT-2026-36820

Name of the Vulnerable Software and Affected Versions: @clerk/clerk-js versions prior to 5.125.10; @clerk/clerk-js versions prior to 6.7.5; @clerk/shared affected versions not specified; @clerk/nextjs affected versions not specified; @clerk/backend affected versions not specified. Description: ...

8.1 CVSS · 5.8 AI score · 0.00046 EPSS
Exploits 0 · References 7

CVE
added 2026/04/04 8:25 a.m. · 7 views

CVE-2026-2437

The WP Travel Engine – Tour Booking Plugin for WordPress is affected by a Stored Cross‑Site Scripting (XSS) in the wte_trip_tax shortcode, impacting all versions up to and including 6.7.5. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabl...

6.4 CVSS · 6.1 AI score · 0.00037 EPSS
Exploits 0 · References 2

Positive Technologies
added 2026/04/04 12:0 a.m. · 1 views

PT-2026-30314

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte trip tax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

6.4 CVSS · 6.1 AI score · 0.00037 EPSS
Exploits 0 · References 3

CNNVD
added 2026/04/04 12:0 a.m. · 4 views

WordPress plugin WP Travel Engine – Tour Booking Plugin – Tour Operator Software Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4 CVSS · 5.8 AI score · 0.00037 EPSS
Exploits 0 · References 2

vulnersOsv
added 2026/03/11 12:14 a.m. · 0 views

01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2331 more potentially affected by CVE-2026-31826 via pypdf (>=3.10.0 <=6.7.5)

pypdf PYPI version =3.10.0, =0.0.5, =0.1.0, =0.4.1, =0.2.5, =0.0.2, =0.2.0, =1.2.27, =0.1.0, =1.2.32, =0.1.1, =1.0.0, =2.0.0 and more Source cves: CVE-2026-31826 Source advisory: OSV:GHSA-HQMH-PPP3-XVM7...

6.8 CVSS · 5.8 AI score · 0.00005 EPSS
Exploits 0

SUSE CVE
added 2026/03/10 12:24 a.m. · 0 views

SUSE CVE-2026-28804

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5...

6.5 CVSS · 5.7 AI score · 0.00017 EPSS
Exploits 0 · References 3

OSV
added 2026/03/06 7:16 a.m. · 1 views

DEBIAN-CVE-2026-28804

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5...

5.3 CVSS · 5.3 AI score · 0.00017 EPSS
Exploits 0 · References 1

OSV
added 2026/03/02 10:3 p.m. · 1 views

GHSA-9M86-7PMV-2852 pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams

Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. Patches: This has been fixed in pypdf==6.7.5. Workarounds: If you cannot upgrade yet, consider applying the changes from PR 3666...

6.9 CVSS · 5.8 AI score · 0.00017 EPSS
Exploits 0 · References 6

Github Security Blog
added 2026/03/02 10:3 p.m. · 5 views

pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams

Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. Patches: This has been fixed in pypdf==6.7.5. Workarounds: If you cannot upgrade yet, consider applying the changes from PR 3666...

6.9 CVSS · 5.8 AI score · 0.00017 EPSS
Exploits 0 · References 6 · Affected Software 1

Positive Technologies
added 2026/03/02 12:0 a.m. · 3 views

PT-2026-23002

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.7.5. Description: A crafted PDF file can cause excessive processing time when accessing a stream that utilizes the /ASCIIHexDecode filter. This issue affects the pypdf library. Recommendations: Update to version 6.7.5 or...

6.9 CVSS · 5.8 AI score · 0.00017 EPSS
Exploits 0 · References 22

RedhatCVE
added 2025/11/01 12:4 p.m. · 5 views

CVE-2025-64359

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion. This issue affects Consulting: from n/a through 6.7.5...

7.5 CVSS · 7.1 AI score · 0.00123 EPSS
Exploits 0 · References 1

CVE
added 2025/10/31 11:42 a.m. · 6 views

CVE-2025-64359

CVE-2025-64359 is a WordPress plugin/theme vulnerability affecting the WordPress Consulting theme (StylemixThemes Consulting) versions prior to 6.7.5. Multiple connected sources describe an improper control of filename for include/require statements, enabling PHP Local File Inclusion through the ...

7.5 CVSS · 6.7 AI score · 0.00123 EPSS
Exploits 0 · References 1

Cvelist
added 2025/10/31 11:42 a.m. · 4 views

CVE-2025-64359 WordPress Consulting theme < 6.7.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion. This issue affects Consulting: from n/a through 6.7.5...

7.5 CVSS · 0.00123 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/10/31 12:0 a.m. · 2 views

PT-2025-44610

Name of the Vulnerable Software and Affected Versions: StylemixThemes Consulting versions prior to 6.7.5. Description: An improper control of filename for include/require statement exists in StylemixThemes Consulting, potentially leading to PHP Local File Inclusion. This issue allows for the inclusi...

7.5 CVSS · 6.5 AI score · 0.00123 EPSS
Exploits 0 · References 5

CVE
added 2024/11/26 12:0 a.m. · 57 views

CVE-2024-51058

CVE-2024-51058 is a Local File Inclusion (LFI) vulnerability in TCPDF. Impact: reading arbitrary server files via an src tag. Affects TCPDF 6.7.5 (per initial description). Exploitation details are not provided beyond the LFI vector; no in‑the‑wild exploitation data is included in the supplied d...

6.2 CVSS · 6.8 AI score · 0.00049 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2024/11/26 12:0 a.m. · 3 views

PT-2024-34506 · Tcpdf +1 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF version 6.7.5 Description: A Local File Inclusion LFI issue has been discovered, allowing a user to read arbitrary files from the server's file system through the src tag in an img element, potentially exposing sensitive information...

7.5 CVSS · 6.9 AI score · 0.08989 EPSS
Exploits 3 · References 25

CNNVD
added 2024/11/26 12:0 a.m. · 3 views

TCPDF Security Vulnerability

TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. A security vulnerability exists in TCPDF version 6.7.5, which stems from the inclusion of a local file inclusion vulnerability...

6.2 CVSS · 6.2 AI score · 0.00049 EPSS
Exploits 0 · References 3

OSV
added 2024/09/16 4:50 a.m. · 19 views

RHBA-2020:4346 Red Hat Bug Fix Advisory: Satellite 6.7.5 Async Bug Fix Update

Bulletin has no description...

7.5 CVSS · 7.6 AI score · 0.00319 EPSS
Exploits 0 · References 17

Positive Technologies
added 2024/01/15 12:0 a.m. · 1 views

PT-2024-9840 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.7.5 Description: A vulnerability in the Linux kernel has been identified, which can cause a deadlock when using bcachefs with compression. The issue arises when snapshotting a mongodb data volume, resulting in...

5.5 CVSS · 6.8 AI score · 0.00029 EPSS
Exploits 0 · References 18