16916 matches found
PT-2026-22720
Name of the Vulnerable Software and Affected Versions mailparser versions prior to 3.9.3 Description The package mailparser is susceptible to Cross-site Scripting XSS due to insufficient sanitization of URLs within email content. Specifically, the textToHtml function does not properly handle URLs...
PT-2026-22949
Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.17.0-beta.1 and 5.9.0-beta.1 Description A security issue exists that allows an authenticated administrator to execute arbitrary code. This is possible by injecting a Server-Side Template Injection SSTI payload into...
Untrusted Search Path
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the system.run execution. An attacker can execute an unintended or malicious executable by altering the PATH resolution after approval, causing a different binar...
EUVD-2026-9059
phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint...
PT-2026-22324
Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions prior to 10.22 Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows for the execution of code remotely without authentication. This is due to insufficient...
CVE-2026-0752
CVE-2026-0752 concerns GitLab CE/EE where an unauthenticated user could inject arbitrary scripts into the Mermaid sandbox UI under certain circumstances. The issue affected all versions 16.2 up to but not including 18.7.5, all 18.8 releases before 18.8.5, and all 18.9 releases before 18.9.1. GitL...
Adobe After Effects Buffer Overflow Vulnerability (CNVD-2026-12870)
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A buffer overflow vulnerability exists in Adobe After Effects, which can be...
Adobe After Effects Type Obfuscation Vulnerability
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A type confusion vulnerability exists in Adobe After Effects, which can be...
Adobe After Effects Resource Management Error Vulnerability
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. Adobe After Effects suffers from a resource management error vulnerability...
PT-2026-21928
Name of the Vulnerable Software and Affected Versions KrakenD-CE versions prior to 2.13.1 KrakenD-EE versions prior to 2.13.0 Description An improper resource shutdown or release issue exists in KrakenD, specifically within the CircuitBreaker modules of both KrakenD-CE and KrakenD-EE. The issue...
DEBIAN-CVE-2026-25987
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory...
Expired Pointer Dereference
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
NULL Pointer Dereference
Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Missing Release of Memory after Effective Lifetime
Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
DEBIAN-CVE-2025-61146
saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component mallocstub.c...
CVE-2026-26723
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...
CRLF Injection
Litestar is vulnerable to CRLF Injection. The vulnerability is due to unescaped URL paths during exception logging, which allows an attacker to inject newline characters and forge or manipulate log entries...
PT-2026-20945
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2...
GFI MailEssentials AI 安全漏洞
GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage cross-site scripting vulnerability...
SPIP 安全漏洞
SPIP is an open-source software created by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.9 contained a security vulnerability, which was caused by improper cleaning of URLSYNDIC outputs on private joint site pages. This vulnerability could lead to storage-side cross-site...