42 matches found
CVE-2026-33582 Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...
CVE-2026-8491
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...
CVE-2026-8491
CVE-2026-8491 involves an improper check in the Drupal Node View Permissions module that permits forceful browsing. Affected are Node View Permissions 0.0.0–1.6.x and 2.0.0–2.0.0, where cancelled users’ content reassigned to anonymous users could be exposed. Remediation: upgrade to 1.7.0 (for 0.0...
CVE-2026-6959
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...
Unity Linux 20.1060e / 20.1070e Security Update: linuxptp (UTSA-2026-017411)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017411 advisory. A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker...
CVE-2026-2348
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Quick Edit allows Cross-Site Scripting XSS.This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1...
CVE-2026-2348 Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Quick Edit allows Cross-Site Scripting XSS.This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1...
CVE-2026-2348 Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Quick Edit allows Cross-Site Scripting XSS.This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1...
Drupal Quick Edit 安全漏洞
Drupal Quick Edit is a content management system module provided by the Drupal company that enables quick editing and immediate modification of page content. Versions of Drupal Quick Edit prior to 1.0.5 and 2.0.1 contained security vulnerabilities, which were due to improper input handling and...
CVE-2025-68555
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through 2.0.1...
CVE-2025-68554
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Keenarch keenarch allows Using Malicious Files.This issue affects Keenarch: from n/a through 2.0.1...
CVE-2025-68553 WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server.This issue affects Lendiz: from n/a through 2.0.1...
CVE-2025-68555 WordPress Nutrie theme < 2.0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through 2.0.1...
PT-2026-23141
Name of the Vulnerable Software and Affected Versions Keenarch versions prior to 2.0.1 Description Keenarch is susceptible to a file upload issue that permits the use of malicious files. The vulnerability allows for unrestricted uploads of files with dangerous types. Recommendations Update Keenar...
WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lendiz versions 2.0.1...
WordPress Keenarch theme < 2.0.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Keenarch versions 2.0.1...
CVE-2025-13984
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting XSS.This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...
EUVD-2025-206437
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting XSS.This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...
CVE-2025-13984 Next.js - Critical - Access bypass - SA-CONTRIB-2025-122
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting XSS.This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...
Drupal Next.js security vulnerabilities
Drupal Next.js is a module within the Drupal community that enables a deep integration between Drupal and Next.js. Versions of Drupal Next.js prior to 1.6.4 and 2.0.1 contained security vulnerabilities. These vulnerabilities were due to overly lax cross-domain security policies, which could lead ...