21905 matches found
MINI-4FWM-6M54-JCJQ
Bulletin has no description...
pypdf has long runtimes for wrong size values in cross-reference and object streams
Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. Patches This has been fixed in pypdf==6.10.1. Workarounds If you cannot upgrade yet,...
Improper Validation of Specified Quantity in Input
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input through the PdfReader object stream and xref stream parsers in pypdf/reader.py...
GHSA-JJ6C-8H6C-HPPX pypdf has long runtimes for wrong size values in cross-reference and object streams
Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. Patches This has been fixed in pypdf==6.10.1. Workarounds If you cannot upgrade yet,...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...
MINI-RR32-55GR-JPJP
Bulletin has no description...
MINI-R9Q3-3757-5M3P
Bulletin has no description...
ECHO-1C8B-6A01-2CFE
Bulletin has no description...
CVE-2026-40737
The CVE concerns WordPress COMPE plugin
WordPress Avada (Fusion) Builder plugin <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference vulnerability
Authenticated Subscriber+ Sensitive Information Exposure via Insecure Direct Object Reference vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions = 3.15.1...
MINI-CMMW-4R52-25V7
Bulletin has no description...
CVE-2026-1541 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference
The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...
CVE-2026-1541 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference
The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...
Adobe Framemaker Out-of-Bounds Read Vulnerability (CNVD-2026-19997)
Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. Adobe Framemaker suffers from an out-of-bounds read vulnerability that could be exploited by an attacker to cause...
PT-2026-34562
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.10.1 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that results in long runtimes. This is achieved by using cross-reference streams with incorrect large /Size values or object...
CVE-2017-8625
creationtimestamp| type| source ---|---|--- 2026-04-14 23:54:15+00:00| seen| https://gist.github.com/Jere7/d88eaa16f205413c550fd1409011e92c...
Defense in Depth update for NuGet Client
Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...
CVE-2026-33023
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists in loadwithgdkpixbuf in loader.c. The cleanup path manually frees the sixelframet object and its interna...
WWBN AVideo has an IDOR in Live Restreams list.json.php Exposes Other Users' Stream Keys and OAuth Tokens
Summary The endpoint plugin/Live/view/Liverestreams/list.json.php contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream configurations, including third-party platform stream keys and OAut...
CVE-2026-34370
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...