17 matches found

Snyk
added 2026/05/29 9:14 p.m. · 5 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...

CVSS 8.7 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 2
NVD
added 2026/05/29 8:16 p.m. · 8 views

CVE-2026-46384

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

CVSS 8.7 · EPSS 0.00055
Exploits 0 · References 1
ATTACKERKB
added 2026/05/29 7:58 p.m. · 7 views

CVE-2026-46385

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...

CVSS 8.7 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2026/05/29 7:58 p.m. · 7 views

CVE-2026-46385 iskorotkov/avro: CPU Exhaustion in Avro Decoder

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...

CVSS 8.7 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 1
Cvelist
added 2026/05/29 7:58 p.m. · 29 views

CVE-2026-46384 iskorotkov/avro: Integer Overflow in Avro Decoder

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

CVSS 8.7 · EPSS 0.00055
Exploits 0 · References 1
CNNVD
added 2026/05/28 12:00 a.m. · 5 views

Portainer security vulnerability

Portainer is a lightweight user management interface developed by Portainer for managing Docker environments and Docker hosts. Versions of Portainer Community Edition from 2.33.0 to 2.33.8 contained security vulnerabilities. These vulnerabilities stemmed from the kubeClientMiddleware middleware...

CVSS 8.1 · AI score 5.8 · EPSS 0.00065
Exploits 1 · References 2
Cvelist
added 2026/05/11 7:55 p.m. · 28 views

CVE-2026-42887 Audiobookshelf: Stored Cross-Site Scripting in Login Page Custom Message

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

CVSS 4.5 · EPSS 0.00032
Exploits 0 · References 1
CVE
added 2026/05/11 7:55 p.m. · 10 views

CVE-2026-42887

CVE-2026-42887 affects Audiobookshelf before version 2.33.0. The issue is a stored cross-site scripting (XSS) in the Login Page caused by improper sanitization of the authLoginCustomMessage field in the /api/auth-settings endpoint. An attacker with administrative privileges can inject arbitrary H...

CVSS 4.5 · AI score 5.8 · EPSS 0.00032
Exploits 0 · References 1
CNNVD
added 2026/05/11 12:00 a.m. · 5 views

Audiobookshelf cross-site scripting vulnerability

Audiobookshelf is an open-source, self-hosted server for audio books and podcasts. Versions of Audiobookshelf prior to 2.33.0 had a cross-site scripting vulnerability. This vulnerability occurred due to the login page not properly cleaning the authLoginCustomMessage field, allowing for...

CVSS 4.5 · AI score 5.7 · EPSS 0.00032
Exploits 0 · References 1
UbuntuCve
added 2026/03/25 5:16 p.m. · 2 views

CVE-2026-25645

Requests is an HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

CVSS 5.5 · AI score 6 · EPSS 0.00005
Exploits 0 · References 2
Debian CVE
added 2026/03/25 5:02 p.m. · 2 views

CVE-2026-25645

Requests is an HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

CVSS 5.5 · AI score 4.5 · EPSS 0.00005
Exploits 0
Positive Technologies
added 2026/03/25 12:00 a.m. · 1 views

PT-2026-28069

Name of the Vulnerable Software and Affected Versions: Requests versions prior to 2.33.0 Description: The requests.utils.extract_zipped_paths function uses a predictable filename when extracting files from zip archives into the system temporary directory. If a file with the same name already exists...

CVSS 5.5 · AI score 5.8 · EPSS 0.00005
Exploits 0 · References 36
Snyk
added 2025/06/22 10:40 p.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview: org.webjars.bowergithub.components:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via multiple locations in markdown.js. An attacker can cause excessive resour...

CVSS 6.9 · AI score 6.7 · EPSS 0.00308
Exploits 0 · References 2
OSV
added 2024/05/17 7:15 a.m. · 0 views

CVE-2023-41665

Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation. This issue affects GiveWP: from n/a through 2.33.0...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2024/05/17 12:00 a.m. · 2 views

PT-2024-12952 · Givewp · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP versions 2.33.0 and earlier Description: The issue is related to Improper Privilege Management, allowing Privilege Escalation in GiveWP. Recommendations: For versions 2.33.0 and earlier, update to a version later than 2.33.0 to resolve...

CVSS 8.8 · AI score 9.2 · EPSS 0.00319
Exploits 0 · References 6
Vulnrichment
added 2024/01/05 11:05 a.m. · 1 views

CVE-2023-52146 WordPress 404 Solution Plugin <= 2.33.0 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution. This issue affects 404 Solution: from n/a through 2.33.0...

CVSS 5.3 · AI score 5.6 · EPSS 0.00148
Exploits 0 · References 1
Positive Technologies
added 2024/01/05 12:00 a.m. · 2 views

PT-2024-14435 · Unknown · Aaron J 404 Solution

Name of the Vulnerable Software and Affected Versions: Aaron J 404 Solution versions n/a through 2.33.0 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not have...

CVSS 5.3 · AI score 5.9 · EPSS 0.00148
Exploits 0 · References 6