
356 matches found

Cvelist
added yesterday, 21 views

CVE-2026-54280 AIOHTTP: Payload Response Resources Are Not Closed After Mid-Body Disconnect

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...

CVSS 6.3, EPSS 0.00024
Exploits: 0, References: 2
NVD
added 6 days ago, 6 views

CVE-2026-46846

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Security Framework. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 10, EPSS 0.00354
Exploits: 0, References: 1
Positive Technologies
added 2026/06/16 12:0 a.m., 9 views

PT-2026-50009

Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite component: Core. Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise...

CVSS 9.8, AI score 5.3, EPSS 0.00483
Exploits: 0, References: 2
Positive Technologies
added 2026/06/16 12:0 a.m., 9 views

PT-2026-50007

Name of the Vulnerable Software and Affected Versions: Oracle Enterprise Command Center Framework versions V15 through V16. Description: An issue in the Core component of the Oracle Enterprise Command Center Framework allows a low privileged attacker with network access via HTTPS to compromise the...

CVSS 9.9, AI score 5.8, EPSS 0.00411
Exploits: 0, References: 3
Positive Technologies
added 2026/06/16 12:0 a.m., 12 views

PT-2026-50003

Name of the Vulnerable Software and Affected Versions: Oracle Enterprise Command Center Framework versions V15 through V16. Description: An issue exists in the Core component of the Oracle Enterprise Command Center Framework. A high privileged attacker with network access via HTTP can exploit this...

CVSS 9.1, AI score 5.9, EPSS 0.00453
Exploits: 0, References: 3
OSV
added 2026/06/10 12:0 a.m., 5 views

ALSA-2026:25113 Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.118 and .NET Runtime...

CVSS 7.5, AI score 5.5, EPSS 0.0075
Exploits: 0, References: 6
Redos
added 2026/06/08 12:0 a.m., 3 views

ROS-20260608-73-0024

The vulnerability of the .NET software platform is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks...

CVSS 7.5, AI score 5.5, EPSS 0.0111
Exploits: 0
Redos
added 2026/06/08 12:0 a.m., 6 views

ROS-20260608-73-0006

The vulnerability of the .NET software platform lies in the execution of a loop with an exit condition that is not met. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.5, AI score 5.8, EPSS 0.01177
Exploits: 0
Android Security Bulletins
added 2026/06/01 12:0 a.m., 10 views

Android Security Bulletin—June 2026

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-06-05 or later from the June 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

CVSS 10, AI score 6.2, EPSS 0.00147
Exploits: 0
NVD
added 2026/05/27 9:16 a.m., 9 views

CVE-2025-22741

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...

CVSS 7.1, EPSS 0.0018
Exploits: 0, References: 1
RedHat Linux
added 2026/05/26 3:24 a.m., 27 views

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

CVSS 7.2, AI score 5.7, EPSS 0.00237
Exploits: 0, References: 6
Cvelist
added 2026/05/26 1:30 a.m., 36 views

CVE-2026-9520 blitz-js blitz Sign-in LoginForm.tsx cross site scripting

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

CVSS 5.3, EPSS 0.00336
Exploits: 0, References: 4
CNNVD
added 2026/05/26 12:0 a.m., 6 views

Joomla! cross-site scripting vulnerability

Joomla! is an open-source, free-content management system developed by Joomla! Foundation. The Joomla! Framework has a cross-site scripting vulnerability, which stems from the lack of input filtering. This leads to the presence of cross-site scripting vectors in the HTML filtering code...

CVSS 6.9, AI score 5.6, EPSS 0.00144
Exploits: 0, References: 1
GithubExploit
added 2026/05/20 2:23 a.m., 72 views

Exploit for Incorrect Authorization in Vercel Next.Js

Himalaya Tech Admin Panel — CVE-2025-29927 Demo WARNING:...

CVSS 9.1, AI score 6.9, EPSS 0.98378
Exploits: 57
CNNVD
added 2026/05/20 12:0 a.m., 9 views

Yii input validation error vulnerability

Yii is a high-performance PHP framework developed by the YII team. It is designed for developing large-scale web applications using components. Yii 2 versions 2.0.54 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a logical flaw in the cor...

CVSS 7.4, AI score 6.4, EPSS 0.00442
Exploits: 0, References: 1
OSV
added 2026/05/18 6:31 a.m., 3 views

GHSA-6V92-PH9P-HRPC AMF Vulnerable to Improper Resource Shutdown or Release

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

CVSS 5.3, AI score 5.3, EPSS 0.00398
Exploits: 0, References: 8
RedhatCVE
added 2026/05/13 8:23 p.m., 5 views

CVE-2026-42874

Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.set_cookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection...

CVSS 3.7, AI score 5.8, EPSS 0.00215
Exploits: 0, References: 1
CVE
added 2026/05/12 4:58 p.m., 92 views

CVE-2026-32177

CVE-2026-32177 is a heap-based buffer overflow in the .NET Framework that enables local privilege escalation. The issue is described across multiple sources as affecting the .NET Framework components in versions 3.5 and 4.8.1, with impact described as unauthorized elevation of privileges locally ...

CVSS 7.3, AI score 5.9, EPSS 0.00416
Exploits: 0, References: 1, Affected Software: 2
RedHat Linux
added 2026/05/04 1:37 a.m., 6 views

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features...

CVSS 7.5, AI score 6.2, EPSS 0.00897
Exploits: 0, References: 4
AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in ffmpeg

There is a heap-based buffer overflow vulnerability in FFmpeg 4.2, located in the file libavfilter/vf_vmafmotion.c, within the convolution_y_8bit module. This vulnerability could allow a remote malicious user to cause a Denial of Service attack...

CVSS 6.5, AI score 6.3, EPSS 0.01486
Exploits: 1, References: 2