38639 matches found
OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement
Summary Discord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages. Impact Users could trigger privileged component actions from contexts that should have been blocked by Discord channel policy. Affected...
org.webjars.npm:angular-tree-component (>=3.2.3 <=3.7.2), org.webjars.npm:chevrotain (>=11.0.3 <=11.1.2) +72 more potentially affected by CVE-2025-13465 +1 more via org.webjars.npm:lodash-es (>=4.17.21 <=4.17.4)
org.webjars.npm:lodash-es MAVEN version =4.17.21, =3.2.3, =11.0.3, =11.0.3, =11.0.3, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =44.1.0, =39.0.1, =44.3.0 and more Source cves: CVE-2025-13465, CVE-2026-2950 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15869624...
CVE-2025-62184 Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component.
Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...
CVE-2025-62184 Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component.
Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...
CVE-2025-62184
Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...
CVE-2025-62184
CVE-2025-62184 affects Pega Platform versions 8.1.0 through 25.1.0 with a Stored Cross-site Scripting vulnerability in a UI component. Exploitation requires an administrative user with extensive rights; impact is limited to Confidentiality (LOW) and does not impact Integrity or Availability. The ...
EUVD-2026-17412
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...
EUVD-2026-17343
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...
DEBIAN-CVE-2026-5201
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...
CVE-2026-5201
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...
CVE-2026-5201
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...
CVE-2026-5201 Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...
BELL-CVE-2026-34714
Bulletin has no description...
Mozilla Firefox and Mozilla Thunderbird Security Bypass Vulnerability (CNVD-2026-16378)
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A security bypass vulnerability exists in Mozilla Firefox and Mozilla Thunderbird...
Mozilla Firefox and Mozilla Thunderbird Denial of Service Vulnerability (CNVD-2026-16375)
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A denial of service vulnerability exists in Mozilla Firefox and Mozilla Thunderbir...
PT-2026-29222
Name of the Vulnerable Software and Affected Versions Sereal::Decoder versions 4.000 through 4.009 002 Description Sereal::Decoder for Perl embeds a vulnerable version of the Zstandard zstd library. A race condition exists in the one-pass compression functions of Zstandard prior to version 1.3.8,...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a mix-up in the instructions responsible for freeing memory in the Compositing component. An attacker can...
gdk-pixbuf 安全漏洞
gdk-pixbuf is an open-source image loading library developed by GNOME. gdk-pixbuf has a security vulnerability that stems from the improper validation of color component counts during the processing of specially crafted JPEG images by the JPEG image loader. This can lead to a heap buffer overflow...
Mozilla Firefox and Mozilla Thunderbird Code Execution Vulnerability (CNVD-2026-16372)
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A code execution vulnerability exists in Mozilla Firefox and Mozilla Thunderbird d...
Mozilla Firefox and Mozilla Thunderbird Denial of Service Vulnerability
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A denial of service vulnerability exists in Mozilla Firefox and Mozilla Thunderbir...