22233 matches found
Apache Tomcat - Cross-Site Scripting
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...
CVE-2026-46629
Twig: twig/intl-extra memoises IntlDateFormatter and NumberFormatter in unbounded per-template arguments, causing potential unbounded memory growth in long-running environments. Affected prior to 3.26.0; fix is to upgrade to Twig 3.26.0 or later (formatter caches bounded with FIFO). Debian adviso...
ROOT-OS-UBUNTU-2404-CVE-2025-21956 CVE-2025-21956 in rootio-linux - Patched by Root
Root has patched CVE-2025-21956 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-68339 CVE-2025-68339 in rootio-linux - Patched by Root
Root has patched CVE-2025-68339 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-31498 CVE-2026-31498 in rootio-linux - Patched by Root
Root has patched CVE-2026-31498 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-43241 CVE-2026-43241 in rootio-linux - Patched by Root
Root has patched CVE-2026-43241 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2024-26661 CVE-2024-26661 in rootio-linux - Patched by Root
Root has patched CVE-2024-26661 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
CVE-2026-15628
creationtimestamp| type| source ---|---|--- 2026-07-14 05:52:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqljbsldb52l...
CVE-2026-61500
Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...
CVE-2026-12275
creationtimestamp| type| source ---|---|--- 2026-07-13 07:43:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqj6z3gyqz22 2026-07-14 00:00:15+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqkvm5egav2z 2026-07-14 03:16:08+00:00| seen|...
EUVD-2026-43238
A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...
CVE-2026-15502 AojiaoZero Antaris PayPal IPN Payment ipn.php _rewardPurchase sql injection
A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...
CVE-2026-9017
creationtimestamp| type| source ---|---|--- 2026-07-11 07:32:53+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5ir7roy2w 2026-07-11 07:47:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqe6cypq4a2t...
CVE-2026-53653
creationtimestamp| type| source ---|---|--- 2026-07-10 18:20:38+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqcra4ilol2c 2026-07-10 22:51:15+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdadyx4fk27 2026-07-10 23:35:17+00:00| seen|...
Malicious code in stella-ai-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...
MAL-2026-10133 Malicious code in stella-ai-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...
CVE-2026-38059
The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...
EUVD-2026-42908
The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...
CVE-2026-38059
The CVE-2026-38059 entry concerns iDirect iQ200 devices where the /api/identity and /api/ REST endpoints are exposed without authentication. An unauthenticated attacker with network access can retrieve sensitive device data including serial number, Device ID (DID), Terminal Private Key (TPK) iden...
CVE-2026-13347
creationtimestamp| type| source ---|---|--- 2026-07-10 11:16:00+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbzis5yut2y 2026-07-10 12:15:24+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-13347 2026-07-12 18:01:08+00:00| seen|...