1370 matches found
CLSA-2026-1776421961 libwebp: Fix of 2 CVEs
CVE-2018-25013, CVE-2018-25014: wait for all threads to be done in DecodeRemaining, make sure partition 0 is read before VP8 data...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007236)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007236 advisory. In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure userlength is taken into account when fetching packet contents Ensure that...
CVE-2026-27681
CVE-2026-27681 is an SQL injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse caused by insufficient authorization checks. An authenticated user can submit crafted SQL statements to read, modify, and delete data, affecting confidentiality, integrity, and a...
K000160685: Linux kernel vulnerability CVE-2025-40322
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bitputcs bitputcsaligned/unaligned derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count a...
CVE-2026-5302
CVE-2026-5302 describes a CORS misconfiguration in CoolerControl/coolercontrold prior to 4.0.0. The root issue is permissive cross-origin access, allowing unauthenticated remote attackers to read data and send commands through malicious websites. Affected software: CoolerControl/coolercontrold ve...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006803)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006803 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifsdebugdataprocshow Skip SMB sessions that are being...
WordPress Smart Slider 3 plugin <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation vulnerability
Missing Authorization to Authenticated Contributor+ Slider Data Read and Image Record Manipulation vulnerability discovered by darkmode in WordPress Plugin Smart Slider 3 versions = 3.5.1.33...
CVE-2026-4065 Smart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...
CVE-2026-4065
The Smart Slider 3 WordPress plugin (versions up to 3.5.1.33) suffers unauthorized access and data modification due to missing capability checks across multiple wp_ajax_smart-slider3 actions. The display_admin_ajax() path omits checkForCap() (unfiltered_html required), and several controller acti...
ROS-20260406-73-0001
A vulnerability in the ngxmailsmtp response header handler of NGINX Plus and NGINX Open Source web servers is related to a violation of the initial buffer boundary. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...
Exploit for SQL Injection in Ghost
CVE-2026-26980 👻 Ghost CMS Unauthenticated SQLi via Content...
SUSE-SU-2026:1122-1 Security update for redis
This update for redis fixes the following issue: - a user can manipulate data read by a connection by injecting sequences into a Redis error reply bsc1258706...
CVE-2026-22895 QuFTP Service
A cross-site scripting XSS vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version...
International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞
The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device from the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from the setuid bit being set for t...
CVE-2026-28696
Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags e.g., user:1:email, can be abused by both authenticated users and unauthenticated guests if a Public Schema is enabled to access sensitive...
CVE-2026-3431
On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...
CLSA-2026-1772113038 Fix of 12 CVEs
OpenJDK 8u482 release, build 8. Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2026-January/020959.html - Security fixes 8u482: + CVE-2026-21945: Prevent DoS via repeated crash or hang in sandbox security + CVE-2026-21932: Fix integrity issue in sandboxed handling of untrusted input ...
ROS-20260216-73-0025
A vulnerability in the Zabbix IT infrastructure monitoring system is related to insufficient server-side request validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...
ROS-20260216-73-0032
A vulnerability in the Networking component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access ...
CVE-2025-62856
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File...