
21 matches found

EUVD
added 4 hours ago | 2 views

EUVD-2025-210253

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

CVSS 9.8 | AI score 5.3
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/05 12:0 a.m. | 7 views

PT-2026-49601

Upstream kernel version 6.6.141 fixes vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...

AI score 5.3
Exploits: 0 | References: 6

SUSE CVE
added 2026/04/02 8:37 a.m. | 2 views

SUSE CVE-2026-32726

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

CVSS 8.1 | AI score 5.8 | EPSS 0.00272
Exploits: 1 | References: 3

OSV
added 2026/03/23 8:39 p.m. | 1 views

GHSA-QR6X-WVXR-8HM9 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information

Security Advisory — My Page Profile Update Improper Authorization Summary An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...

CVSS 8.1 | AI score 5.9 | EPSS 0.00305
Exploits: 0 | References: 6

CNNVD
added 2026/03/23 12:0 a.m. | 7 views

OpenSource-WorkShop Connect-CMS code injection vulnerability

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of OpenSource-WorkShop Connect-CMS prior to 1.41.0 and 2.41.0 contain a code injection vulnerability. This vulnerability stems from issues with the...

CVSS 8.8 | AI score 6 | EPSS 0.00463
Exploits: 0 | References: 4

RedhatCVE
added 2026/02/25 4:6 a.m. | 5 views

CVE-2026-25501

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics due to nil pointer dereference and the SMF process terminates. This is triggered by a malformed PFCP...

CVSS 8.7 | AI score 5.3 | EPSS 0.0031
Exploits: 1 | References: 1

ATTACKERKB
added 2026/02/24 12:21 a.m. | 5 views

CVE-2026-27643

free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients...

CVSS 8.7 | AI score 5.4 | EPSS 0.00275
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2026/02/23 9:42 p.m. | 25 views

CVE-2025-69248 free5GC has Array Index Out of Bounds in AMF Leading to Denial of Service

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service by sending a specially crafted NA...

CVSS 8.7 | EPSS 0.00566
Exploits: 1 | References: 4

Vulnrichment
added 2025/10/15 3:32 p.m. | 3 views

CVE-2025-62370 Alloy Core has a DoS vulnerability on `alloy_dyn_abi::TypedData` hashing

Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to `alloy_dyn_abi::TypedData` could lead to a denial-of-service (DoS) via `eip712_signing_hash`. Software with high availability requirements such as network services m...

CVSS 7.5 | AI score 6.5 | EPSS 0.00407
Exploits: 0 | References: 5

NVD
added 2025/08/27 4:16 a.m. | 2 views

CVE-2025-49040

Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt Backup Bolt backup-bolt allows Cross Site Request Forgery. This issue affects Backup Bolt: from n/a through = 1.5.0...

CVSS 4.3 | EPSS 0.00119
Exploits: 0 | References: 1

Patchstack
added 2025/01/24 11:47 a.m. | 3 views

WordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin MachForm Shortcode versions <= 1.4.1...

CVSS 7.1 | AI score 6.2 | EPSS 0.00168
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/01/16 6:42 p.m. | 3 views

WordPress Snippy Plugin <= 1.4.1 - CSRF to Cross Site Scripting (XSS) vulnerability

CSRF to Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Snippy versions <= 1.4.1...

CVSS 7.1 | AI score 6.1 | EPSS 0.00154
Exploits: 0 | Affected Software: 1

Patchstack
added 2024/12/10 11:58 p.m. | 3 views

WordPress WP Pipes plugin <= 1.4.1 - Reflected Cross-Site Scripting via x1 Parameter vulnerability

Reflected Cross-Site Scripting via x1 Parameter vulnerability discovered by vgo0 in WordPress Plugin WP Pipes versions <= 1.4.1...

CVSS 6.1 | AI score 6.3 | EPSS 0.00356
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2024/11/01 12:0 a.m. | 0 views

WordPress plugin Send Emails with Mandrill security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 | AI score 6.5 | EPSS 0.00384
Exploits: 0 | References: 1

CNNVD
added 2024/03/15 12:0 a.m. | 4 views

CoreWCF Security Vulnerabilities

CoreWCF is an open source project of the CoreWCF project that aims to provide an alternative implementation of WCF (Windows Communication Foundation) for .NET Core and .NET 5+. A security vulnerability exists in CoreWCF versions 1.4.1 and 1.5.1, which stems from the fact that a service based on...

CVSS 7.5 | AI score 6.7 | EPSS 0.00579
Exploits: 0 | References: 3

OSV
added 2023/04/13 9:15 p.m. | 1 views

DEBIAN-CVE-2022-48468

protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member...

CVSS 5.5 | AI score 7.3 | EPSS 0.00366
Exploits: 0 | References: 1

OSV
added 2021/02/17 2:15 p.m. | 2 views

CVE-2020-24500

Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access...

CVSS 4.4 | AI score 5.8 | EPSS 0.00298
Exploits: 0 | References: 1

OSV
added 2018/06/05 1:29 p.m. | 2 views

UBUNTU-CVE-2018-11743

The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact...

CVSS 9.8 | AI score 7.3 | EPSS 0.02203
Exploits: 1 | References: 3

RedHat Linux
added 2013/06/03 5:29 p.m. | 2 views

qemu: guest agent creates files with insecure permissions in daemon mode

The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files...

CVSS 6.9 | AI score 7.3 | EPSS 0.00375
Exploits: 0 | References: 4

RedHat Linux
added 2008/01/17 8:21 p.m. | 2 views

xfree86: information disclosure via TOG-CUP extension

The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index...

CVSS 5 | AI score 7.4 | EPSS 0.01735
Exploits: 0 | References: 4