38290 matches found
CVE-2026-44837 view_component: System Test Entry Point Path Check Allows Sibling Directory Escape
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
CVE-2026-44837 view_component: System Test Entry Point Path Check Allows Sibling Directory Escape
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
CVE-2026-44831 Snipe-IT: XSS vulnerability in component notes
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...
CVE-2026-44831
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...
EUVD-2026-31960
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...
CVE-2026-44831 Snipe-IT: XSS vulnerability in component notes
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...
CVE-2026-44831
CVE-2026-44831 affects Snipe-IT, an IT asset/license management system. Prior to v8.4.1, users with component view access could trigger stored XSS via an unescaped notes field in the component checkout process. The issue is fixed in v8.4.1 or later. If you are using versions before 8.4.1, upgrade...
CVE-2026-9572
A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function MediaGetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. Th...
EUVD-2026-31945
A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isomintern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the publ...
CVE-2026-30894
Lack of output escaping leads to a XSS vector in the content history component...
EUVD-2026-31889
Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of comusers...
CVE-2026-35222 Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
Improperly validated order clauses lead to a SQL injection vulnerability in comtags...
CVE-2026-25901 Joomla! Core - [20260502] - XSS in com_associations
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-25901 Joomla! Core - [20260502] - XSS in com_associations
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-30894
CVE-2026-30894 affects Joomla! Core – com_contenthistory. The issue arises from lack of output escaping in the content history component, enabling a XSS vector. CVSS4.0 metrics indicate: Network attack vector, Low attack complexity, High privileges required, Passive user interaction; base score 6...
CVE-2026-30894
Lack of output escaping leads to a XSS vector in the content history component...
EUVD-2026-31872
Lack of output escaping leads to a XSS vector in the content history component...
CVE-2026-30894 Joomla! Core - [20260503] - XSS in com_contenthistory
Lack of output escaping leads to a XSS vector in the content history component...