30622 matches found
CVE-2026-8232 Dotouch XproUPF UPF Process libvlib.so vlib_worker_loop denial of service
A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlibworkerloop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service. The vendor was contacted early about this disclosure...
CVE-2026-8232
Dotouch XproUPF 2.0.0-release-088aa7c4 contains a vulnerability in UPF Process: the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so can be manipulated to cause a denial of service. The available documents identify the affected component and the root cause as a manipul...
EUVD-2026-28970
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...
CVE-2026-7261
CVE-2026-7261 affects PHP SOAP when SOAP_PERSISTENCE_SESSION is used. In PHP 8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21, and 8.5.x before 8.5.6, the SOAP handler object is persisted across requests via session storage. If a SOAP fault occurs, the persistence handling frees the ...
CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...
CVE-2026-7261
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...
CVE-2026-7261
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...
CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...
Dotouch XproUPF 安全漏洞
Dotouch XproUPF is an intelligent conference tablet device from the Dotouch company, featuring integrated touch display and multimedia interaction capabilities. The Dotouch XproUPF 2.0.0-release-088aa7c4 version contains a security vulnerability. This vulnerability stems from a denial-of-service...
PHP 缓冲区错误漏洞
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a buffer error vulnerability. This vulnerability stemmed from the use of the metaphone function, which used signed integer variables to track the current...
OESA-2026-2224 perl-Image-ExifTool security update
ExifTool is a Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF,...
OESA-2026-2222 perl-Image-ExifTool security update
ExifTool is a Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF,...
SUSE CVE-2026-41570
PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...
GHSA-3V2C-X6Q9-F697 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-firehose-fips, thanos-receive-controller, rabbitmq-messaging-topology-operator-fips, xeol-fips, crossplane-provider-aws-opensearchserverless-fips, agentbeat-fips, longhorn-manager-fips, karma, cadence, crossplane-provider-azure-securityinsight...
GHSA-2283-WF8C-RW8R vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-firehose-fips, thanos-receive-controller, rabbitmq-messaging-topology-operator-fips, xeol-fips, crossplane-provider-aws-opensearchserverless-fips, agentbeat-fips, longhorn-manager-fips, karma, cadence, crossplane-provider-azure-securityinsight...
CVE-2026-39826 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-firehose-fips, thanos-receive-controller, rabbitmq-messaging-topology-operator-fips, xeol-fips, crossplane-provider-aws-opensearchserverless-fips, agentbeat-fips, longhorn-manager-fips, karma, cadence, crossplane-provider-azure-securityinsight...
CVE-2026-39823 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-firehose-fips, thanos-receive-controller, rabbitmq-messaging-topology-operator-fips, xeol-fips, crossplane-provider-aws-opensearchserverless-fips, agentbeat-fips, longhorn-manager-fips, karma, cadence, crossplane-provider-azure-securityinsight...
GHSA-8G2R-HHVJ-MV99 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-firehose-fips, thanos-receive-controller, rabbitmq-messaging-topology-operator-fips, xeol-fips, crossplane-provider-aws-opensearchserverless-fips, agentbeat-fips, longhorn-manager-fips, cilium-certgen, cadence,...
GHSA-QC64-M6C2-V4X7 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-firehose-fips, thanos-receive-controller, rabbitmq-messaging-topology-operator-fips, xeol-fips, crossplane-provider-aws-opensearchserverless-fips, agentbeat-fips, longhorn-manager-fips, cilium-certgen, cadence,...