3 matches found
CVE-2026-41042
Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter. Vulnerability in Apache Gravitino. This issue affects Apache Gravitino: before 1.2.1. Users are recommended to upgrade to version...
CVE-2026-57585
The CVE concerns MessagePack for Python (msgpack). Prior to version 1.2.1, reusing an Unpacker after a caught error can trigger an out-of-bounds read/crash, potentially causing a DoS via SEGV. A fix is available in version 1.2.1. This entry uses concrete details from the connected records (produc...
WordPress PuzzleMe for WordPress Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin PuzzleMe for WordPress versions = 1.2.0...