86 matches found

Vulnrichment
added 2026/04/18 1:36 a.m., 3 views

CVE-2026-40491 gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5 CVSS, 5.9 AI score, 0.00077 EPSS
Exploits: 1, References: 3

ATTACKERKB
added 2026/04/18 1:36 a.m., 3 views

CVE-2026-40491

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5 CVSS, 5.9 AI score, 0.00077 EPSS
Exploits: 1, References: 4, Affected Software: 1

Fedora
added 2026/04/06 12:48 a.m., 3 views

[SECURITY] Fedora 42 Update: giflib-5.2.2-9.fc42

giflib is a library for reading and writing gif images...

5.1 CVSS, 5.9 AI score, 0.00019 EPSS
Exploits: 0

RedhatCVE
added 2026/02/15 1:28 p.m., 2 views

CVE-2026-1843

The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

7.2 CVSS, 5.7 AI score, 0.00147 EPSS
Exploits: 0, References: 1

IBM Security Bulletins
added 2026/01/22 5:10 a.m., 7 views

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is a...

7.5 CVSS, 6.3 AI score, 0.00097 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/01/22 5:6 a.m., 4 views

Security Bulletin: Vulnerabilities in Apache Commons Lang affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Apache Commons Lang has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-48924...

5.3 CVSS, 6.5 AI score, 0.00099 EPSS
Exploits: 0, Affected Software: 1

UbuntuCve
added 2026/01/22 3:15 a.m., 5 views

CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

7.5 CVSS, 6.2 AI score, 0.00023 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2026/01/10 5:41 a.m., 2 views

CVE-2026-21896

Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by...

5.8 CVSS, 6.7 AI score, 0.00039 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:28 a.m., 3 views

CVE-2023-49180

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS. This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2...

5.9 CVSS, 6.6 AI score, 0.00135 EPSS
Exploits: 0, References: 1

Snyk
added 2026/01/08 6:42 p.m., 1 view

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the content changes API when permission checks are not properly enforced. An attacker can modify site content by sending unauthorized write requests. Note: This is only exploitable if user permissions have be...

5.8 CVSS, 6.8 AI score, 0.00039 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/12/17 10:3 a.m., 3 views

CVE-2025-68071

Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Real Estate: from n/a through = 5.3.2...

6.5 CVSS, 5.7 AI score, 0.00041 EPSS
Exploits: 0, References: 1

NVD
added 2025/12/16 9:15 a.m., 1 view

CVE-2025-66127

Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Real Estate: from n/a through = 5.3.2...

5.3 CVSS, 0.00041 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/12/16 8:13 a.m., 3 views

CVE-2025-68071 WordPress Essential Real Estate plugin <= 5.3.2 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Real Estate: from n/a through = 5.3.2...

6.5 CVSS, 5.1 AI score, 0.00041 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/12/16 8:12 a.m., 23 views

CVE-2025-66127 WordPress Essential Real Estate plugin <= 5.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Real Estate: from n/a through = 5.3.2...

5.3 CVSS, 0.00041 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 4: giflib (TSSA-2025:0296)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0296 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.3 CVSS, 6.5 AI score, 0.00072 EPSS
Exploits: 0, References: 2

IBM Security Bulletins
added 2025/10/31 7:18 p.m., 2 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to unexpected behavior in pytorch [CVE-2025-55552]

Summary IBM Watson Speech Services Cartridge is vulnerable to unexpected behavior in pytorch, that creates an inconsistent swap with eager when compiling CVE-2025-55552. Pytorch is used in our speech service runtimes. This vulnerability has been addressed. Please read the details for remediation...

7.5 CVSS, 7.1 AI score, 0.00109 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/10/31 7:5 p.m., 8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch [CVE-2025-4287]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch that can be manipulated to cause a Denial of Service attack CVE-2025-4287. PyTorch is used in our speech service runtimes. This vulnerability has been addressed. Please read the...

4.8 CVSS, 5.5 AI score, 0.00093 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/10/31 6:27 p.m., 2 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a misinterpretation of Input in golang.org/x/net/proxy [CVE-2025-22870]

Summary IBM Watson Speech Services Cartridge is vulnerable to a misinterpretation of Input in golang.org/x/net/proxy, due to matching of hosts against proxy patterns which can improperly treat an IPv6 zone ID as a hostname component CVE-2025-22870. Golang is used in our speech utilities. This...

4.4 CVSS, 6.5 AI score, 0.00024 EPSS
Exploits: 2, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-11383

Malware in sbrugna...

5.4 CVSS, 5.6 AI score, 0.00162 EPSS
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2004-0050

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.00512 EPSS
Exploits: 0, References: 5