8200 matches found
VulnCheck KEV: CVE-2026-24477
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...
PT-2026-29667
Name of the Vulnerable Software and Affected Versions DbGate versions 7.0.0 through 7.1.5 Description DbGate, a cross-platform database manager, contains a stored cross-site scripting XSS issue due to attacker-controlled SVG icon strings being rendered as raw HTML without proper sanitization. In...
Secure Network Function Computation for General Target and Security Functions
Secure network function computation is a critical research direction in network coding, which aims to ensure that the target function is correctly computed at the sink node while preventing the wiretapper from obtaining any information about the security function. In this paper, we focus on the...
GHSA-PQHR-MP3F-HRPP Nuxt OG Image vulnerable to Server-Side Request Forgery via user-controlled parameters
Product: Nuxt OG Image Version: injection via html parameter GET /og/d/og.png?html= When verbose errors are enabled, the response content is leaked in base64-encoded error messages. Vector 3: SVG injection via html parameter GET /og/d/og.png?html= Mitigation Fixed in v6.2.5. The image source plug...
CVE-2026-34605
SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as . The Go HTML5...
EUVD-2026-17531
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
CVE-2026-5087
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
CVE-2026-5087
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
CVE-2026-5087
CVE-2026-5087 affects PAGI::Middleware::Session::Store::Cookie for Perl, versions up to 0.001003. The root cause is that the store reads random bytes directly from /dev/urandom; if that device is unavailable (e.g., on Windows), it issues a warning and falls back to using the built-in rand() funct...
PT-2026-29290
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2026-16131)
IBM InfoSphere Information Server is IBM's data integration platform for integrating, cleansing, transforming and managing enterprise data. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from the system returning overly detailed error messages. An...
PAGI::Middleware::Session::Store::Cookie 安全漏洞
PAGI::Middleware::Session::Store::Cookie is a middleware component developed by JJNAPIORK, designed to store session data using cookies. Versions of PAGI::Middleware::Session::Store::Cookie 0.001003 and earlier contain security vulnerabilities. These vulnerabilities stem from the insecure...
CVE-2026-29924
Grav CMS v1.7.x and before is vulnerable to XML External Entity XXE through the SVG file upload functionality in the admin panel and File Manager plugin...
CVE-2026-29924
Grav CMS v1.7.x and before is vulnerable to XML External Entity XXE through the SVG file upload functionality in the admin panel and File Manager plugin...
CVE-2026-29924
Grav CMS v1.7.x and before is vulnerable to XML External Entity XXE through the SVG file upload functionality in the admin panel and File Manager plugin...
nginx-ui Backup Restore Allows Tampering with Encrypted Backups
The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration...
FreeBSD : Roundcube -- SVG Attribute Bypass (095e9db2-2b5b-11f1-9839-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 095e9db2-2b5b-11f1-9839-8447094a420f advisory. The Roundcube project reports: . Tenable has extracted the preceding description block directly from th...
CVE-2026-4980
A vulnerability was found in Inkscape due to improper handling of XInclude elements in SVG files. The application processes xi:include directives without restricting access to local resources, allowing external file references such as file:// URIs to be included during document processing. An...