22164 matches found
CVE-2024-50617
CVE-2024-50617 affects CIPPlanner CIPAce prior to 9.17. The issue lies in the File Download and Get File handler components, where an authenticated user can change the file id parameter or supply a physical file path in the URL query to download files they should not access. The impact is unautho...
PT-2026-7674
Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload targeting the application's registration dialog to trigger code execution and open...
CVE-2024-36355
Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...
CLSA-2026-1770732201 Fix CVE(s): CVE-2026-24515
SECURITY UPDATE: XMLExternalEntityParserCreate failure to copy the encoding handler data can cause a NULL dereference. - debian/patches/CVE-2026-24515.patch: Make XMLExternalEntityParserCreate copy unknown encoding handler user data - CVE-2026-24515...
CVE-2026-2226
A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sqlfilename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...
CVE-2026-2215
A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRETKEY results in use of default cryptographic key. The attack can be initiated...
CLSA-2026-1770707507 Fix CVE(s): CVE-2026-24515
SECURITY UPDATE: Make XMLExternalEntityParserCreate copy unknown encoding handler user data - debian/patches/CVE-2026-24515.patch: copy unknown encoding handler user data and add tests to cover effect - CVE-2026-24515...
Improper Handling of Case Sensitivity
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper handling of case sensitivity in the userPutHandler function. An attacker can gain unauthorized access to user accoun...
CVE-2026-2141
A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization...
CVE-2026-2155
A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...
Malicious code in react-svg-handler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63577e9faa19bf76dac1f171ee006ed6801a0726d5782ae1246bde01b508a7ad The package react-svg-handler was found to contain malicious code. Source: ghsa-malware...
MAL-2026-822 Malicious code in react-svg-handler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63577e9faa19bf76dac1f171ee006ed6801a0726d5782ae1246bde01b508a7ad The package react-svg-handler was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview react-svg-handler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CLSA-2026-1770648617 expat: Fix of CVE-2026-24515
CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...
CLSA-2026-1770648267 expat: Fix of CVE-2026-24515
CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...
CLSA-2026-1770647876 expat: Fix of CVE-2026-24515
CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...
CVE-2026-2226
A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sqlfilename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...
CVE-2026-2226
A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sqlfilename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...
CVE-2026-2226 DouPHP ZIP File file.php unrestricted upload
A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sqlfilename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...
CVE-2026-2226
CVE-2026-2226 affects DouPHP up to 1.9, targeting the ZIP File Handler component. The issue arises from manipulating the argument sql_filename in the file /admin/file.php, leading to unrestricted upload. The vulnerability can be exploited remotely, and the exploit has been disclosed publicly. The...