38642 matches found
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4 which is vulnerable to CVE-2026-21860
Summary IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a...
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2 which is vulnerable to CVE-2026-27205
Summary IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web server...
CVE-2026-29934
A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...
Security Bulletin: IBM Storage Protect Server is affected by vulnerabilities in the Golang crypto library used by the Object Agent and OSSM components that could lead to denial-of-service (CVE-2025-47913, CVE-2025-47914, CVE-2025-58181).
Summary IBM Storage Protect Server uses the Golang crypto library in the Object Agent and OSSM components. Vulnerabilities in this library may allow specially crafted inputs to trigger denial-of-service conditions in applications using the affected components. Vulnerability Details...
PT-2026-28673
Name of the Vulnerable Software and Affected Versions Shenzhen Ruiming Technology Streamax Crocus versions up to 1.3.44 Description A security issue exists in Shenzhen Ruiming Technology Streamax Crocus. The issue involves a SQL injection affecting an unknown function within the /RemoteFormat.do...
PT-2026-28688
A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in uncontrolled search path. The attack needs to be approached locally. This attack is characterized by...
PT-2026-28695
Name of the Vulnerable Software and Affected Versions code-projects Social Networking Site version 1.0 Description A security flaw exists in code-projects Social Networking Site 1.0. The issue affects an unknown function within the delete photos.php file of the Endpoint component. Manipulation of...
Important: exiv2
Issue Overview: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...
EUVD-2026-16301
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code...
CVE-2026-3622 Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N
The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the actioner process. An attacker can execute arbitrary system commands by sending specially crafted requests to the metadata service endpoint. Remediation There is no fixed version for...
Django: Django: Denial of Service via crafted request with duplicate headers
A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service DoS, making the affected system unavailable to legitimate users...
GHSA-4VRQ-3VRQ-G6GG BuildKit Git URL subdir component can cause access to restricted files
Impact Insufficient validation of Git URL fragment subdir components :, docs may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. Patches The issue has been fixed in version v0.28.1 Workarounds The issue affects...
BuildKit Git URL subdir component can cause access to restricted files
Impact Insufficient validation of Git URL fragment subdir components :, docs may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. Patches The issue has been fixed in version v0.28.1 Workarounds The issue affects...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...
EUVD-2026-16211
A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...
CVE-2025-70082
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrxevo component...
CVE-2026-3958
A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/apiserver.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The...
CVE-2026-3845
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2...