16898 matches found
GitLab CE/EE 跨站请求伪造漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.9.6, 18.10.4, and 18.11.1 had a...
CVE-2026-35251
...
CVE-2026-35230
...
CVE-2026-34321
The CVE-2026-34321 entry concerns Oracle Financial Services Applications Infrastructure (OFSAI) – UI component. Affects 8.0.7.9, 8.0.8.7, and 8.1.2.5. The vulnerability can be triggered by a low-privileged attacker with network access over HTTP and requires user interaction, leading to unauthoriz...
CVE-2026-22014
...
EUVD-2026-24035
OpenBao's SQL Injection in PostgreSQL database secrets engine...
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...
CVE-2026-6634
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...
PT-2026-33780
A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb users/plugin/AppCentre/app upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available...
PT-2026-33457
Name of the Vulnerable Software and Affected Versions JetBrains Junie versions prior to 252.549.29 Description Command execution is possible through the use of a malicious project file. Recommendations Update to version 252.549.29 or later...
.NET and Visual Studio Denial of Service Vulnerability
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network...
WordPress User Registration & Membership plugin <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter vulnerability
Unauthenticated Open Redirect via 'redirecttoonlogout' Parameter vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin User Registration versions = 5.1.4...
CVE-2026-39425
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue Opening Remarks field by wrapping malicious payloads in tags...
PT-2026-32903
Bridge | Heap-based Buffer Overflow CWE-122 CVE: CVE-2026-27310 PT ID: PT-2026-32903 Vendor: Adobe Product: Bridge CVSS: 7.8 Credits: n/a Description: Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code executio...
UBUNTU-CVE-2026-33116
Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...
CVE-2026-28291 simple-git has Command Execution via Option-Parsing Bypass
simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for...
CVE-2026-6005
A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematologyprint.php. Executing a manipulation of the argument hemid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...
EUVD-2026-20475
stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution...
Fedora: Security Advisory (FEDORA-2026-ca43aa006f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2026-35178 Workbench Affected by Remote Code Execution (RCE) via Malicious Cookie in Timezone Conversion
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...