3971 matches found
PT-2026-33536
Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description An out-of-bounds read exists in the PTP DPFF Enumeration case of the ptp unpack Sony DPD function within camlibs/ptp2/ptp-pack.c. The function reads a 2-byte enumeration count N via dtoh16odata,...
CVE-2026-24749 Silverstripe Assets Module has a DBFile::getURL() permission bypass
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...
CVE-2026-24749
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...
EUVD-2026-22276
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...
CVE-2026-4369
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...
CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...
CVE-2026-4369
The CVE-2026-4369 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in Autodesk Fusion desktop app tied to a malicious payload in an assembly variant name. The vulnerability can be triggered when the affected variant name is rendered in the delete confirmation dialog, and a user c...
CVE-2026-4369
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...
CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...
PT-2026-32646
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...
Autodesk Fusion 跨站脚本漏洞
Autodesk Fusion is a data management software platform developed by Autodesk, Inc. in the United States. Autodesk Fusion has a cross-site scripting vulnerability, which stems from malicious HTML payloads in variant names. This vulnerability may lead to stored-cross-site scripting attacks, allowin...
CVE-2026-32272
Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the input sanitization blocklist added to ElementIndexesController in a prior security fi...
Craft Commerce SQL注入漏洞
Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions of Craft Commerce 5.5.4 and earlier contain a SQL injection vulnerability. This vulnerability stems from bypassing input cleaning filters for the ProductQuery::hasVariant and...
SUSE CVE-2026-1525
Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications using...
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twic...
Improper Handling of Case Sensitivity
Overview prompts.chat is a Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to inconsistent case-sensitive and case-insensitive handling of usernames across write an...
CVE-2026-22665
prompts.chat prior to commit 1464475, contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit...
CVE-2026-22665
CVE-2026-22665 affects prompts.chat prior to commit 1464475. The root cause is inconsistent handling of usernames across write and read paths, mixing case-sensitive and case-insensitive comparisons. This identity confusion allows creation of case-variant usernames that bypass uniqueness checks, e...
EUVD-2026-18692
In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task hung in rpmresume" This is caused by aqc111suspend calling the PM variant of its writecmd routine. The simplified call trace looks like this:...
CVE-2026-23446
In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task hung in rpmresume" This is caused by aqc111suspend calling the PM variant of its writecmd routine. The simplified call trace looks like this:...