7898 matches found
CVE-2026-25018
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through = 2.1...
CVE-2026-31868
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server...
CVE-2026-3207
Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...
CVE-2026-32728
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41, an attacker who is allowed to upload files can bypass the file extension filter by appending a MIME parameter e.g. ;charset=utf-8 to the Content-Type header...
SUSE-SU-2026:20879-1 Security update for python-PyJWT
This update for python-PyJWT fixes the following issues: Update to PyJWT 2.12.1: - CVE-2024-53861: prevent partial matching of the Issuer field bsc1234038. - CVE-2026-32597: validate the crit Header Parameter defined in RFC 7515 bsc1259616. Changelog: Update to 2.12.1: - Add missing...
EUVD-2026-16106
The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the leafext-cookie-time and leafext-delete-cookie shortcodes in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on...
CVE-2026-4389
The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the leafext-cookie-time and leafext-delete-cookie shortcodes in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on...
CVE-2026-4389
The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the leafext-cookie-time and leafext-delete-cookie shortcodes in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on...
CVE-2026-4389
The CVE-2026-4389 entry concerns the DSGVO snippet for the Leaflet Map and its Extensions WordPress plugin. Affected: Leaflet Map and Extensions, all versions up to 3.1. Issue: Stored Cross-Site Scripting via the leafext-cookie-time and leafext-delete-cookie shortcodes due to insufficient input s...
CVE-2026-4389 DSGVO snippet for Leaflet Map and its Extensions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute
The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the leafext-cookie-time and leafext-delete-cookie shortcodes in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on...
CVE-2026-4389 DSGVO snippet for Leaflet Map and its Extensions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute
The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the leafext-cookie-time and leafext-delete-cookie shortcodes in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on...
PT-2026-28206
The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the leafext-cookie-time and leafext-delete-cookie shortcodes in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on...
sharp 路径遍历漏洞
Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images of various sizes. Versions of Sharp prior to 9.20.0 contained a path traversal vulnerability, which stemmed from improper handling of...
PT-2026-28514
Name of the Vulnerable Software and Affected Versions dd-trace-java versions 0.40.0 through prior to 1.60.2 Description dd-trace-java is a Datadog APM client for Java. The RMI instrumentation in affected versions registered a custom endpoint that deserialized incoming data without applying...
EUVD-2026-15619
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through = 2.1...
EUVD-2026-15617
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows PHP Local File Inclusion.This issue affects NaturaLife Extensions: from n/a through = 2.1...
SUSE-SU-2026:20934-1 Security update for python-PyJWT
This update for python-PyJWT fixes the following issue: Update to PyJWT 2.12.1: - CVE-2026-32597: PyJWT accepts unknown crit header extensions bsc1259616. Changelog: Update to 2.12.1: - Add missing typingextensions dependency for Python 3.11 in 1150 Update to 2.12.0: - Annotate PyJWKSet.keys for...
OPENSUSE-SU-2026:20431-1 Security update for python-PyJWT
This update for python-PyJWT fixes the following issue: Update to PyJWT 2.12.1: - CVE-2026-32597: PyJWT accepts unknown crit header extensions bsc1259616. Changelog: Update to 2.12.1: - Add missing typingextensions dependency for Python 3.11 in 1150 Update to 2.12.0: - Annotate PyJWKSet.keys for...
CVE-2026-25018
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through = 2.1...
CVE-2026-25017
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows PHP Local File Inclusion.This issue affects NaturaLife Extensions: from n/a through = 2.1...