CVE-2026-49129 Music Player Daemon < 0.24.11 SSRF via CurlInputPlugin

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

CVE-2026-30906

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

CVE-2026-30904

Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access...

CVE-2026-34457

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

CVE-2026-33526

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP...

EUVD-2026-14710

Out-of-bounds Read vulnerability in tildearrow furnace ‎extern/libsndfile-modified/src modules. This vulnerability is associated with program files flac.C‎. This issue affects furnace: before 0.7...

PT-2026-27348

CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...

PT-2026-27346

Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...

EUVD-2026-11739

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and commentid...

CVE-2025-10350 SQL injection in CGM NETRAAD

SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9....

CVE-2020-7146

A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2025-66361

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...

CVE-2025-66359

An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting XSS vulnerability...

CVE-2025-47220

A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLESIGNATURECUSTOMIMAGEPATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an...

CVE-2025-47222

Keyfactor SignServer is affected in versions prior to 7.3.2 by a class name enumeration vulnerability that allows information about loaded classes to be exposed to the client side when setting a chosen class name in properties requiring a class path. The issue arises from an unexpected difference...

EUVD-2017-9318

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-7011

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects ...

PT-2025-33125 · WordPress · Structured Content (Json-Ld) #Wpsc

Name of the Vulnerable Software and Affected Versions: Structured Content JSON-LD wpsc WordPress plugin versions prior to 1.7.0 Description: The Structured Content JSON-LD wpsc WordPress plugin does not validate and escape certain block options before displaying them within a page or post,...

CVE-2023-2566

Cross-site Scripting XSS - Stored in GitHub repository openemr/openemr prior to 7.0.1...

OpenEMR 代码问题漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A code issue vulnerability exists in versions prior to OpenEMR 7.0.3.1 that stems...