9293 matches found

Positive Technologies
added 2026/03/16 12:0 a.m., 4 views

PT-2026-25644

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVSS 7.1, AI score 5.8, EPSS 0.00268
Exploits: 1, References: 6

Positive Technologies
added 2026/03/16 12:0 a.m., 7 views

PT-2026-25645

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVSS 7.1, AI score 5.8, EPSS 0.00268
Exploits: 1, References: 6

Positive Technologies
added 2026/03/16 12:0 a.m., 5 views

PT-2026-25654

A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution...

CVSS 7.8, AI score 6, EPSS 0.00278
Exploits: 1, References: 6

Snyk
added 2026/03/13 8:55 p.m., 3 views

Unsafe Dependency Resolution

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic plugin discovery in .openclaw/extensions/. An attacker can execute arbitrary code by including a malicious plugin in a cloned repository,...

CVSS 8.8, AI score 6.1, EPSS 0.00331
Exploits: 0, References: 2

NVD
added 2026/03/13 7:54 p.m., 2 views

CVE-2026-32362

Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through = 1.1.3...

CVSS 5.3, EPSS 0.00224
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/13 11:42 a.m., 3 views

CVE-2026-32362

Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through = 1.1.3...

AI score 5.8, EPSS 0.00224
Exploits: 0, References: 2

Positive Technologies
added 2026/03/13 12:0 a.m., 6 views

PT-2026-25209

Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through = 1.1.3...

CVSS 5.3, AI score 5.8, EPSS 0.00224
Exploits: 0, References: 3

CVE
added 2026/03/12 6:4 p.m., 13 views

CVE-2026-32140

Dataease (open source data visualization tool) before version 2.10.20 is vulnerable via the Redshift JDBC driver where the IniFile parameter can be exploited to load an attacker-controlled configuration file. The getJdbcIniFile discovery mechanism can, if not restricted, locate rsjdbc.ini and, in...

CVSS 9.3, AI score 6.2, EPSS 0.00691
Exploits: 1, References: 1, Affected Software: 1

RedhatCVE
added 2026/03/11 10:18 a.m., 6 views

CVE-2026-2741

A flaw was found in Vaadin. During the automatic download and extraction of Node.js, a remote attacker could exploit a path traversal vulnerability. By intercepting or controlling the Node.js download, an attacker could serve a specially crafted ZIP archive. This malicious archive would allow fil...

CVSS 2.6, AI score 5.8, EPSS 0.00342
Exploits: 0, References: 5

RedhatCVE
added 2026/03/11 7:8 a.m., 5 views

CVE-2026-26742

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds default configuration of an...

CVSS 8.1, AI score 5.8, EPSS 0.00265
Exploits: 1, References: 1

Tenable Nessus
added 2026/03/11 12:0 a.m., 4 views

Fedora 45 : bpfman (2026-0523662d59)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0523662d59 advisory. Automatic update for bpfman-0.5.4-6.fc45. Changelog Wed Mar 11 2026 Daniel Mellado - 0.5.4-6 - Fix CVE-2026-31812: Bump quinn-proto to 0.11.14 - Closes...

CVSS 8.7, AI score 5.9, EPSS 0.0047
Exploits: 0, References: 2

NVD
added 2026/03/10 7:17 p.m., 3 views

CVE-2026-26741

PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state after landing and before the automatic disarm triggered by the COM_DISARM_LAND parameter, the system lacks a thrott...

CVSS 8.1, EPSS 0.00259
Exploits: 1, References: 1

NVD
added 2026/03/10 7:17 p.m., 4 views

CVE-2026-26742

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds default configuration of an...

CVSS 8.1, EPSS 0.00265
Exploits: 1, References: 1

OSV
added 2026/03/10 7:17 p.m., 2 views

CVE-2026-26742

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds default configuration of an...

CVSS 8.1, AI score 5.8
Exploits: 0, References: 1

GithubExploit
added 2026/03/10 8:12 a.m., 181 views

Exploit for Allocation of Resources Without Limits or Throttling in Espressif Esp-Idf

CVE-2024-51428 - ZoneMinder Blind SQL Injection PoC Python wr...

CVSS 7.5, AI score 5.9, EPSS 0.00513
Exploits: 2

Vaadin
added 2026/03/10 12:0 a.m., 11 views

Zip Slip Path Traversal on Node Unpack

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. See CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Pat...

CVSS 6.8, AI score 5.8, EPSS 0.00342
Exploits: 0, Affected Software: 3

CVE
added 2026/03/10 12:0 a.m., 7 views

CVE-2026-26742

PX4 Autopilot versions 1.12.x–1.15.x have a protection mechanism failure in the Re-arm Grace Period logic. The system applies the in-air emergency re-arm logic to ground scenarios; if a pilot switches to Manual mode and re-arms within 5 seconds of an automatic landing, pre-flight safety checks (i...

CVSS 8.1, AI score 5.8, EPSS 0.00265
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2026/03/10 12:0 a.m., 26 views

CVE-2026-26742

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds default configuration of an...

EPSS 0.00265
Exploits: 1, References: 1

ATTACKERKB
added 2026/03/10 12:0 a.m., 2 views

CVE-2026-26742

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds default configuration of an...

AI score 5.8, EPSS 0.00265
Exploits: 1, References: 2

GithubExploit
added 2026/03/07 2:51 p.m., 146 views

auto-exploit-amazing-mesh-koy6

No d...

AI score 5.8
Exploits: 0