63 matches found
JLSEC-2026-352
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...
CVE-2026-5747 Out-of-bounds Write in Firecracker virtio-pci Transport
An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x8664 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue...
CLEANSTART-2026-UK15999 Security fixes for CVE-2025-15558, CVE-2025-47907, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2x5j-vhc8-9cwm, ghsa-6m8w-jc87-6cr7, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-vvgc-356p-c3xw applied in versions: 1.14.4-r1, 1.14.4-r2, 1.17.1-r2, 1.17.1-r3
Multiple security vulnerabilities affect the kyverno-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-28131 WordPress Elementor Addon Elements plugin <= 1.14.4 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
CVE-2026-28131
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
WordPress plugin Elementor Addon Elements 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
PT-2026-22133
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
CVE-2026-26200
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...
CVE-2026-26200
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...
CVE-2026-26200 HDF5 Affected by H5T__conv_struct_opt Heap Buffer Overflow
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...
CVE-2026-26200
CVE-2026-26200 affects HDF5 before version 1.14.4-2. An attacker able to control an HDF5 file being parsed can trigger a write-based heap buffer overflow, causing a denial of service and potentially, depending on the OS and exploitability, remote code execution. Real-world exploitation for RCE is...
CVE-2026-26200 HDF5 Affected by H5T__conv_struct_opt Heap Buffer Overflow
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...
CVE-2026-26200 HDF5 Affected by H5T__conv_struct_opt Heap Buffer Overflow
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...
AZL-75548 CVE-2025-11065 affecting package skopeo 1.14.4-7
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
Unity Linux 20.1070e Security Update: subversion (UTSA-2026-004812)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004812 advisory. Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access ...
PT-2026-20919
Name of the Vulnerable Software and Affected Versions HDF5 versions prior to 1.14.4-2 Description HDF5 is software used for managing data. An attacker controlling an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow. This can lead to a denial-of-service condition, and...
CVE-2025-58183 affecting package skopeo for versions less than 1.14.4-7
CVE-2025-58183 affecting package skopeo for versions less than 1.14.4-7. A patched version of the package is available...
CVE-2025-66548
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...
CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...
EUVD-2025-201466
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension th...