
8202 matches found

Cvelist
added 2026/01/05 12:0 a.m., 24 views

CVE-2025-67419

A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...

EPSS 0.00291
Exploits: 0, References: 2

CNNVD
added 2026/01/05 12:0 a.m., 3 views

EverShop security vulnerability

EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop 2.1.0 and earlier versions, which stems from unlimited resource consumption when processing SVG files and could lead to a denial of service attack...

CVSS 7.5, AI score 6.2, EPSS 0.00291
Exploits: 0, References: 3

Positive Technologies
added 2026/01/05 12:0 a.m., 4 views

PT-2026-1330

Name of the Vulnerable Software and Affected Versions: evershop versions prior to 2.1.0. Description: A Denial of Service (DoS) issue exists in evershop that allows unauthenticated attackers to exhaust application server resources. This occurs through the use of the "GET /images" API endpoint. The...

CVSS 7.5, AI score 6.7, EPSS 0.00291
Exploits: 0, References: 5

Packet Storm News
added 2026/01/05 12:0 a.m., 2 views

Quantum AI for Cybersecurity: A Hybrid Quantum-Classical Models for Attack Path Analysis

Modern cyberattacks are increasingly complex, posing significant challenges to classical machine learning methods, particularly when labeled data is limited and feature interactions are highly non-linear. In this study we investigate the potential of hybrid quantum-classical learning to enhance...

AI score 6.8
Exploits: 0

NVD
added 2026/01/02 7:15 p.m., 2 views

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used...

CVSS 5.5, EPSS 0.0007
Exploits: 1, References: 3

UbuntuCve
added 2026/01/02 7:15 p.m., 2 views

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used...

CVSS 5.5, AI score 5.9, EPSS 0.0007
Exploits: 1, References: 2

Cvelist
added 2026/01/02 7:5 p.m., 26 views

CVE-2026-21444 libtpms returns wrong initialization vector when certain symmetric ciphers are used

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used...

CVSS 5.5, EPSS 0.0007
Exploits: 1, References: 3

EUVD
added 2026/01/02 7:5 p.m., 5 views

EUVD-2026-0753

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used...

CVSS 5.5, AI score 6.3, EPSS 0.0007
Exploits: 1, References: 3

Vulnrichment
added 2026/01/02 7:5 p.m., 1 views

CVE-2026-21444 libtpms returns wrong initialization vector when certain symmetric ciphers are used

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used...

CVSS 5.5, AI score 6.5, EPSS 0.0007
Exploits: 1, References: 3

AlpineLinux
added 2026/01/02 7:5 p.m., 4 views

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used...

CVSS 5.5, AI score 6.9, EPSS 0.0007
Exploits: 1, References: 3

Debian CVE
added 2026/01/02 7:5 p.m., 5 views

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used...

CVSS 5.5, AI score 5.4, EPSS 0.0007
Exploits: 1

EUVD
added 2026/01/02 7:0 p.m., 5 views

EUVD-2026-0754

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

CVSS 7.7, AI score 6.5, EPSS 0.00274
Exploits: 1, References: 1

OSV
added 2026/01/02 7:0 p.m., 5 views

CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF)

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

CVSS 7.7, AI score 7, EPSS 0.00274
Exploits: 1, References: 3

CVE
added 2026/01/02 7:0 p.m., 15 views

CVE-2026-21433

Summary: CVE-2026-21433 affects Emlog up to v2.5.19. The vulnerability is a server-side SSRF/OOB via uploaded SVG files. An attacker can upload a crafted SVG to /admin/media.php; when Emlog processes or renders the SVG (thumbnailing/preview/sanitization), the server issues an HTTP request to an a...

CVSS 7.7, AI score 6.7, EPSS 0.00274
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2026/01/02 12:0 a.m., 3 views

emlog code issue vulnerability

emlog is an open-source CMS site-building system from emlog, based on PHP and MySQL. A code issue vulnerability exists in Emlog 2.5.19 and prior versions, which stems from an out-of-band server-side request or a server-side request forgery by uploading an SVG file that could lead to probing the...

CVSS 7.7, AI score 6.8, EPSS 0.00274
Exploits: 1, References: 2

Positive Technologies
added 2026/01/02 12:0 a.m., 4 views

PT-2026-1122

Name of the Vulnerable Software and Affected Versions: libtpms versions 0.10.0 through 0.10.1. Description: libtpms, a library providing software emulation of a Trusted Platform Module, contains a flaw impacting data confidentiality. When integrated with OpenSSL 3.x, the library incorrectly returns...

CVSS 5.5, AI score 6.7, EPSS 0.0007
Exploits: 1, References: 22

Tenable Nessus
added 2026/01/02 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-21444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of...

CVSS 5.5, AI score 5.5, EPSS 0.0007
Exploits: 1, References: 2

RedhatCVE
added 2026/01/01 12:5 p.m., 4 views

CVE-2025-68950

A flaw was found in ImageMagick, free and open-source software used for editing and manipulating digital images. ImageMagick fails to check for circular references between two Magick Vector Graphics (MVG) files. A remote attacker could exploit this by providing a specially crafted MVG file, leading...

CVSS 6.2, AI score 6.7, EPSS 0.00164
Exploits: 0, References: 5

RedhatCVE
added 2026/01/01 12:5 p.m., 2 views

CVE-2025-68618

A flaw was found in ImageMagick, free and open-source software used for editing and manipulating digital images. An attacker could exploit this vulnerability by providing a specially crafted malicious SVG (Scalable Vector Graphics) file. Processing this file would lead to a Denial of Service (DoS)...

CVSS 7.5, AI score 6.2, EPSS 0.00552
Exploits: 1, References: 5

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-7086

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.5.13; Roundcube Webmail versions prior to 1.6.13. Description: When the "Block remote images" feature is enabled, Roundcube Webmail fails to block SVG feImage elements. This can potentially allow for maliciou...

CVSS 9.3, AI score 5.4, EPSS 0.52529
Exploits: 7, References: 41