43 matches found

RedhatCVE
added 2026/06/05 7:25 p.m. | 7 views

CVE-2026-44844

emlparser is a Python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who ca...

6.3 CVSS | 5.5 AI score | 0.0002 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/06/03 1:23 p.m. | 8 views

EUVD-2022-55997

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors...

7.8 CVSS | 6.2 AI score | 0.0002 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/03 1:23 p.m. | 5 views

CVE-2022-49042

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors...

7.8 CVSS | 6.2 AI score | 0.0002 EPSS
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 8 views

Astra Linux - vulnerability in openexr

An integer overflow that leads to a heap-buffer overflow was discovered in the DwaCompressor of OpenEXR in versions prior to 3.0.1. An attacker could exploit this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215...

5.5 CVSS | 6.9 AI score | 0.00556 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m. | 7 views

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017613 advisory. The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can ...

7.5 CVSS | 7.3 AI score | 0.00576 EPSS
Exploits: 0 | References: 4

CVE
added 2026/03/03 5:0 a.m. | 29 views

CVE-2026-3449

The CVE-2026-3449 entry concerns the package @tootallnate/once (versions before 3.0.1). Affected component: promise resolution flow when using the AbortSignal option, described as Incorrect Control Flow Scoping. Root cause: promise resolves in a way that leaves the Promise permanently pending af...

4.8 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 3

NVD
added 2026/02/11 1:15 p.m. | 4 views

CVE-2025-8025

Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dinosoft ERP: from 3.0.1 through 11022026. NOTE: The vendor was contacted early about...

9.8 CVSS | 0.0004 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/11 12:0 a.m. | 1 view

PT-2026-7577

Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dinosoft ERP: from 3.0.1 through 11022026. NOTE: The vendor was contacted early about...

9.8 CVSS | 5.4 AI score | 0.0004 EPSS
Exploits: 0 | References: 2

OSV
added 2025/12/29 6:15 a.m. | 2 views

CVE-2025-15068

Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse, Session Credential Falsification through Manipulation. This issue affects Web Fax: from 3.0 before 3.0.1...

9.8 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits: 0 | References: 1

NVD
added 2025/12/12 1:15 p.m. | 3 views

CVE-2025-13506

Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...

8.8 CVSS | 0.0009 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/11 11:55 p.m. | 8 views

CVE-2025-67644

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

7.3 CVSS | 7.9 AI score | 0.00022 EPSS
Exploits: 2 | References: 1

EUVD
added 2025/10/11 12:30 a.m. | 2 views

EUVD-2025-33791

Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing. This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1...

6.5 AI score | 0.00039 EPSS
Exploits: 0 | References: 2

OSV
added 2025/10/10 11:15 p.m. | 2 views

CVE-2025-9550

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Facets allows Cross-Site Scripting XSS. This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1...

6.1 CVSS | 5.8 AI score
Exploits: 0 | References: 1

OSV
added 2025/10/10 11:15 p.m. | 2 views

CVE-2025-9549

Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing. This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1...

6.5 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits: 0 | References: 1

CVE
added 2025/10/10 10:24 p.m. | 8 views

CVE-2025-9549

Drupal Facets is affected by a Missing Authorization vulnerability enabling forceful browsing in certain older versions. Affected ranges are Facets 0.0.0 through 2.0.9 and 3.0.0 through 3.0.0; the issue is fixed by upgrading to 2.0.10+ or 3.0.1+. No exploitation details are provided in the source...

6.5 CVSS | 6.6 AI score | 0.00039 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/10/10 12:0 a.m. | 3 views

PT-2025-41617

Name of the Vulnerable Software and Affected Versions: Drupal Facets versions 0.0.0 through 2.0.9; Drupal Facets versions 3.0.0 through 3.0.0. Description: A missing authorization issue exists in Drupal Facets, potentially allowing forceful browsing. The issue relates to insufficient access controls...

6.5 CVSS | 6.6 AI score | 0.00039 EPSS
Exploits: 0 | References: 6

OSV
added 2025/04/16 5:15 p.m. | 3 views

CVE-2025-3733

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting XSS. This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1...

6.5 CVSS | 5.8 AI score | 0.00156 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/04/14 12:0 a.m. | 3 views

Jupyter Remote Desktop Proxy security vulnerability

Jupyter Remote Desktop Proxy is an open source application from JupyterHub. A security vulnerability exists in Jupyter Remote Desktop Proxy versions prior to 3.0.1, which stems from the fact that the VNC server remains accessible over the network when used with TigerVNC...

9 CVSS | 6.5 AI score | 0.0011 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/04/04 12:0 a.m. | 1 view

WordPress plugin Silvasoft boekhouden SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Silvasoft...

7.6 CVSS | 8.3 AI score | 0.005 EPSS
Exploits: 0 | References: 1

OSV
added 2025/03/31 10:15 p.m. | 4 views

CVE-2025-31689

Cross-Site Request Forgery CSRF vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery. This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...

8.1 CVSS | 5.8 AI score | 0.00427 EPSS
Exploits: 0 | References: 1