5435 matches found
@fastify/express 安全漏洞
@fastify/express is a compatibility plugin developed by Fastify. Versions of @fastify/express 4.0.4 and earlier contain security vulnerabilities. These vulnerabilities stem from errors in path handling within the onRegister function, which cause the middleware paths to be added repeatedly when...
@fastify/express 安全漏洞
@fastify/express is a compatibility plugin developed by Fastify. Versions of @fastify/express 4.0.4 and earlier contain security vulnerabilities. These vulnerabilities arise from failing to normalize URLs before passing them to Express middleware when the Fastify router normalization option is...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006599)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006599 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free Struct...
CVE-2026-34899
Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1...
CVE-2026-34899
CVE-2026-34899 relates to a Missing Authorization / Broken Access Control issue in the WordPress plugin “LTL Freight Quotes – Worldwide Express Edition.” Connected details confirm the vulnerability affects versions up to 5.2.1, described as a broken access control flaw discovered in WordPress Plu...
CVE-2026-34899 WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1...
CVE-2026-34899
Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1...
EUVD-2026-19592
Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1...
CVE-2026-34899 WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1...
WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin LTL Freight Quotes – Worldwide Express Edition versions = 5.2.1...
WordPress plugin LTL Freight Quotes – Worldwide Express Edition 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1543)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1543 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path CVE-2024-14027 In the Linux kernel, the following vulnerability has been...
PT-2026-30808
Name of the Vulnerable Software and Affected Versions Eniture technology LTL Freight Quotes – Worldwide Express Edition versions through 5.2.1 Description A missing authorization issue exists in Eniture technology LTL Freight Quotes – Worldwide Express Edition due to incorrectly configured access...
Malicious code in request-js-validator (npm)
Copy of 'request' library with injected payload. Spawns detached child process that fetches stage-2 and executes via new Function.constructor'require', payload. Same pattern as express-session-js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
MAL-2026-2526 Malicious code in request-js-validator (npm)
Copy of 'request' library with injected payload. Spawns detached child process that fetches stage-2 and executes via new Function.constructor'require', payload. Same pattern as express-session-js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
is-localhost-ip 2.0.0 - SSRF
Titles: is-localhost-ip 2.0.0 - SSRF Author: nu11secur1ty Date: 11/09/2025 Vendor: https://github.com/tinovyatkin/is-localhost-ip Software: https://github.com/tinovyatkin/is-localhost-ip/releases/tag/v2.0.0 Reference: https://portswigger.net/web-security/ssrf Description: SSRF PoC — Professional...
SUSE CVE-2026-23445
In the Linux kernel, the following vulnerability has been resolved: igc: fix page fault in XDP TX timestamps handling If an XDP application that requested TX timestamping is shutting down while the link of the interface in use is still up the following kernel splat is reported: 883.803618 T1554...
CVE-2026-23453
A flaw was found in the Linux kernel's net: ti: icssg-prueth network driver. When XDP eXpress Data Path programs drop packets in non-zero-copy mode, memory pages are not properly returned to the system's page pool. This memory leak can lead to Out of Memory OOM conditions, causing a Denial of...
EUVD-2026-18706
In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDPDROP for non-zero-copy mode Page recycling was removed from the XDPDROP path in emacrunxdp to avoid conflicts with AFXDP zero-copy mode, which uses xskbufffree instead. However, this...
CVE-2026-23445
In the Linux kernel, the following vulnerability has been resolved: igc: fix page fault in XDP TX timestamps handling If an XDP application that requested TX timestamping is shutting down while the link of the interface in use is still up the following kernel splat is reported: 883.803618 T1554...