CVE-2026-50565

CVE-2026-50565 affects Fission (Kubernetes-native serverless framework). Before v1.24.0, builder pods were created with ServiceAccountName: fission-builder and AutomountServiceAccountToken was not disabled, causing the kubelet to auto-mount the service-account token into every container in the po...

CVE-2026-44900 epa4all-client: VAU Signature bypass

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

CVE-2026-42461

Arcane (Huma backend) has an unauthenticated information disclosure vulnerability prior to version 1.18.0. Four GET endpoints under /api/templates* (list, all, specific, and content) were registered without any Security requirement, enabling unauthenticated network clients to read full Compose YA...

CVE-2026-7959

Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-14764

NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0...

CVE-2026-4749 NVD-CWE-noinfo in albfan miraclecast

NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0...

CVE-2026-4749

NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0...

PT-2026-27332

NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0...

MiracleCast 安全漏洞

MiracleCast is a wireless screen mirroring tool developed by Alberto Fanjul personally. Previous versions of MiracleCast, prior to version 1.0, had security vulnerabilities. Currently, there is no information regarding these vulnerabilities. Please stay informed by following CNNVD or the...

CVE-2025-32467

Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access wh...

EUVD-2026-4727

Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3...

CVE-2026-24806

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...

CVE-2026-24807 Buffer Overflow Vulnerability in liuyueyi/quick-media

Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules. This vulnerability is associated with program files SeekableOutputStream.Java. This issue affects quick-media:...

CVE-2026-24807

Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules. This vulnerability is associated with program files SeekableOutputStream.Java. This issue affects quick-media:...

PT-2026-4861

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource third party/faad2-2.7/libfaad modules. This vulnerability is associated with program files bits.C, syntax.C. This issue affects anyRTC-RTMP-OpenSource: before 1.0...

YtGrabber-TUI 后置链接漏洞

YtGrabber-TUI is the interface of a software by the individual developer of Женя Бородин. A back-linking vulnerability exists in versions prior to YtGrabber-TUI 1.0-rc, which stems from a configurable path pointing to malicious code that could lead to the execution of arbitrary code...

WordPress plugin Singsys -Awesome Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Nov-2024 Release 1 prior to version 1, which stems from Dressroom containing an improper...

CVE-2024-40490

An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information via a crafted XAJAX call to the Forgot Password function...

CVE-2024-3297

An issue in the Certificate Authenticated Session Establishment CASE protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive...