52193 matches found
CVE-2026-32710
Disclaimer: This data contains information about vulnerable...
CVE-2026-32710
CVE-2026-32710 affects MariaDB: vulnerable when using JSON_SCHEMA_VALID() in MariaDB 11.4.x before 11.4.10 and 11.8.x before 11.8.6. Under certain memory-layout conditions it could crash and in lab scenarios potentially enable remote code execution. Mitigations: upgrade to MariaDB 11.4.10, 11.8.6...
CVE-2026-32710 Heap-based Buffer Overflow in MariaDB
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...
CVE-2026-32710 Heap-based Buffer Overflow in MariaDB
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...
CVE-2026-32710
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...
OPENSUSE-SU-2026:20407-1 Security update for python-orjson
This update for python-orjson fixes the following issues: - CVE-2025-67221: Fixed write outsize of allocated memory on json dump bsc1257121...
CVE-2026-33124
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/username/password endpoint. Changing a password does not...
CVE-2026-33124 Frigate has insecure password change functionality
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/username/password endpoint. Changing a password does not...
CVE-2026-33124 Frigate has insecure password change functionality
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/username/password endpoint. Changing a password does not...
CVE-2026-33124 Frigate has insecure password change functionality
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/username/password endpoint. Changing a password does not...
BIT-CEPH-2024-48916 Ceph is vulnerable to authentication bypass through RadosGW
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...
CVE-2026-33068
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...
CVE-2026-33061
Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...
CVE-2026-33061
exactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescape...
CVE-2026-33061 Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template
Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...
CVE-2026-33061 Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template
Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...
EUVD-2026-13622
exactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescape...
CVE-2026-33061 Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template
Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...
CVE-2026-32874
A flaw was found in UltraJSON, a fast JSON encoder and decoder. A remote attacker can exploit this vulnerability by providing specially crafted JSON input that contains extremely large integers. When UltraJSON attempts to parse these inputs, it leads to an accumulating memory leak. This excessive...
CVE-2026-33043 AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials...