113 matches found
CVE-2026-5160
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...
WeGIA 输入验证错误漏洞
WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of URL validation or allowlist checks, which could lead...
CVE-2026-33885
Statamic Open Redirect (CVE-2026-33885): Affected versions before 5.73.16 and before 6.7.2 have an issue where external URL detection for redirect validation on unauthenticated endpoints could be bypassed via URL parsing differentials. Impact is redirects to external URLs after actions like form ...
CVE-2026-31894
WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and filegetcontents to read SQL files from the extracted contents. Neither the extraction nor the file reading...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
CVE-2026-31894
WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and filegetcontents to read SQL files from the extracted contents. Neither the extraction nor the file reading...
CVE-2026-1046
Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...
EUVD-2026-6090
Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...
CVE-2019-18454
An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS...
EUVD-2022-55804
In the Linux kernel, the following vulnerability has been resolved: media: camss: Clean up received buffers on failed start of streaming It is required to return the received buffers, if streaming can not be started. For instance mediapipelinestart may fail with EPIPE, if a link validation betwee...
CVE-2022-50757
CVE-2022-50757 is a Linux kernel vulnerability affecting the media/camss subsystem. The issue arises when streaming fails to start (for example, media_pipeline_start() may fail with EPIPE during link validation), and the driver incorrectly handles received buffers, triggering a kernel warning. Th...
CVE-2022-50757 media: camss: Clean up received buffers on failed start of streaming
In the Linux kernel, the following vulnerability has been resolved: media: camss: Clean up received buffers on failed start of streaming It is required to return the received buffers, if streaming can not be started. For instance mediapipelinestart may fail with EPIPE, if a link validation betwee...
Apple macOS Tahoe Symbolic Link Validation Insufficiency Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a Symbolic Link Validation Insufficiency vulnerability that can be exploited by an attacke...
CVE-2025-7073
A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic link validation,...
CVE-2025-7073
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...
Bitdefender Total Security 后置链接漏洞
Bitdefender Total Security is a proactive threat protection software for PCs from the Romanian company Bitdefender. The software features antivirus, firewall, anti-spyware, privacy control, and parental control. It also includes features such as System TuneUp. A backlink vulnerability exists in...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma prior to 14.8.2 and Sequoia prior to 15.7.2, which stems from insufficient symbolic link validation and could result in the...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sequoia prior to version 15.7, which stems from insufficient symbolic link validation and could lead to bypassing privacy...
Apple多款产品 安全漏洞
Apple iOS is an operating system developed for mobile devices, Apple tvOS is a smart TV operating system, and Apple watchOS is a smart watch operating system. A security vulnerability exists in several Apple products that stems from insufficient symbolic link validation, which could cause an...
EUVD-2019-8204
Malware in sbrugna...