53175 matches found

OSV
added 2026/04/30 1:16 p.m. | 1 views

UBUNTU-CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

CVSS 9.3 | AI score 6.1 | EPSS 0.00011
Exploits: 0 | References: 4

CVE
added 2026/04/30 12:39 p.m. | 7 views

CVE-2025-14576

CVE-2025-14576 affects Qt’s SVG module (VectorImage in Qt Quick). The root cause is insufficient validation of node IDs, enabling arbitrary QML/JavaScript code injection when loading malicious SVG files. The NVD entry notes local attack vector with no privileges required and passive user interact...

CVSS 9.3 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/04/30 12:39 p.m. | 3 views

EUVD-2025-209594

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

CVSS 9.3 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 1

Debian CVE
added 2026/04/30 12:39 p.m. | 4 views

CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

CVSS 9.3 | AI score 6.1 | EPSS 0.00011
Exploits: 0

GithubExploit
added 2026/04/30 11:16 a.m. | 56 views

Exploit for CVE-2026-31431

Copy Fail - CVE-2026-31431 Detector and Mitigator ...

CVSS 7.8 | AI score 5.8 | EPSS 0.02194
Exploits: 226

GithubExploit
added 2026/04/30 11:4 a.m. | 73 views

Exploit for CVE-2026-31431

copy-fail-cve-2026-31431 Passive detection tooling and techni...

CVSS 7.8 | AI score 5.9 | EPSS 0.02194
Exploits: 226

GithubExploit
added 2026/04/30 10:0 a.m. | 67 views

Exploit for CVE-2026-31431

CVE Checker for Copy Fail CVE-2026-31431 Authors: Chris Fol...

CVSS 7.8 | AI score 5.9 | EPSS 0.02194
Exploits: 226

The Hacker News
added 2026/04/30 9:24 a.m. | 7 views

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), has been codenamed Copy Fail by Xint.io and Theori. "An unprivilege...

CVSS 7.8 | AI score 7.1 | EPSS 0.81981
Exploits: 325

CVE
added 2026/04/30 8:36 a.m. | 4 views

CVE-2026-42799

CVE-2026-42799 describes an out-of-bounds read in the ASR Kestrel software (nr_fw modules), specifically affecting the file path Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. The published records indicate this affects Kestrel versions prior to 2026/02/10. The issue is classified with a high impact on confid...

CVSS 9.8 | AI score 5.2 | EPSS 0.0002
Exploits: 0 | References: 1 | Affected Software: 1

GithubExploit
added 2026/04/30 8:31 a.m. | 55 views

Exploit for CVE-2026-31431

CVE-2026-31431 Seccomp Mitigation A lightweight, reversible s...

CVSS 7.8 | AI score 7.2 | EPSS 0.02194
Exploits: 226

SUSE CVE
added 2026/04/30 2:30 a.m. | 1 views

SUSE CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

CVSS 5.3 | AI score 5.3 | EPSS 0.00017
Exploits: 0 | References: 3

Amazon
added 2026/04/30 12:0 a.m. | 5 views

Medium: clamav1.5

Issue Overview: A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker...

CVSS 5.3 | AI score 5.4 | EPSS 0.00042
Exploits: 0

Tenable Nessus
added 2026/04/30 12:0 a.m. | 4 views

Amazon Linux 2023 : clamav1.5, clamav1.5-data, clamav1.5-devel (ALAS2023-2026-1631)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1631 advisory. A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerabili...

CVSS 5.3 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 4

Amazon
added 2026/04/30 12:0 a.m. | 4 views

Medium: clamav1.4

Issue Overview: A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker...

CVSS 5.3 | AI score 5.4 | EPSS 0.00042
Exploits: 0

CNNVD
added 2026/04/30 12:0 a.m. | 4 views

ASR Lapwing_Linux code issue vulnerability

ASR Lapwing_Linux is a device firmware developed by ASR Corporation. ASR Lapwing_Linux has a code vulnerability that stems from a null pointer dereference in the imsclient module, which may lead to pointer-related issues...

CVSS 7.4 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 1

Patchstack
added 2026/04/30 12:0 a.m. | 4 views

WordPress Ultimate Dashboard – Custom WordPress Dashboard plugin <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation vulnerability

Cross-Site Request Forgery to Module Activation/Deactivation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Ultimate Dashboard versions <= 3.8.14...

CVSS 4.3 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/04/30 12:0 a.m. | 5 views

ASR Kestrel buffer error vulnerability

ASR Kestrel is a radio frequency communication chip platform developed by ASR Corporation. Versions of ASR Kestrel prior to February 10, 2026, contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds reading in the nr_fw module, which could lead to buffer overflows...

CVSS 9.8 | AI score 6 | EPSS 0.0002
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/30 12:0 a.m. | 6 views

Amazon Linux 2 : clamav1.4, --advisory ALAS2-2026-3276 (ALAS-2026-3276)

The version of clamav1.4 installed on the remote host is prior to 1.4.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3276 advisory. A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause ...

CVSS 5.3 | AI score 5.4 | EPSS 0.00042
Exploits: 0 | References: 4

CNNVD
added 2026/04/30 12:0 a.m. | 6 views

Dancer::Session::Abstract security feature issue vulnerability

Dancer::Session::Abstract is an abstract module for session management developed by BIGPRESH’s individual developers. Versions of Dancer::Session::Abstract prior to 1.3522 have security vulnerabilities. These vulnerabilities stem from insecure session ID generation, which could allow attackers to...

CVSS 5.9 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 1

Debian CVE
added 2026/04/30 12:0 a.m. | 2 views

CVE-2026-40687

In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory...

CVSS 9.1 | AI score 5.3 | EPSS 0.00182
Exploits: 0