70 matches found
CVE-2026-8309
The CVE-2026-8309 applies to Armiya Information Technologies Ltd. Co. Access Control System (GKS), affected before Version 2. It is a Reflected XSS caused by improper input neutralization during web page generation. The CVSS v3.1 base metrics indicate a Medium impact (5.4) with network attack vec...
PYSEC-2026-401 parisneo/lollms vulnerable to stored XSS in the social feature
A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...
CVE-2026-56132
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...
EUVD-2026-34977
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...
CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver
An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...
CVE-2026-42225 GnuTLS backend silently skips certificate chain verification when verify_peer is false
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...
CVE-2026-43859
Mutt vulnerability CVE-2026-43859 affects mutt before 2.3.2, where IMAP auth_cram MD5 digest computation may use strfcpy instead of memcpy. Root cause is choosing the wrong string copy function in the digest pathway. Impact (per CVSS 3.1) is Confidentiality: None, Integrity: Low, Availability: No...
CVE-2026-33152 Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...
CVE-2026-32515 WordPress Miraculous theme < 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through 2.1.2...
CVE-2026-32489 WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...
CVE-2026-1632
MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...
CVE-2026-24368 WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through 2.8.0...
AZL-74636 CVE-2026-0861 affecting package glibc for versions less than 2.35-9
Passing too large an alignment to the memalign suite of functions memalign, posixmemalign, alignedalloc in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size a...
GHSA-V492-6XX2-P57G Chainlit contains an authorization bypass vulnerability
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...
CVE-2023-4829
Cross-site Scripting XSS - Stored in GitHub repository froxlor/froxlor prior to 2.0.22...
PT-2025-50909
Name of the Vulnerable Software and Affected Versions Simcenter Femap versions prior to 2512 Description An uninitialized memory issue exists in Simcenter Femap. The application is affected when processing specially crafted SLDPRT files, potentially allowing an attacker to execute code within the...
FileRise 跨站脚本漏洞
FileRise is a lightweight, self-hosted web-based file manager by Ryan Personal Developer. A cross-site scripting vulnerability exists in FileRise versions prior to 2.2.3, which stems from improper handling of SVG files and could lead to stored cross-site scripting...
CVE-2025-32446
Summary: CVE-2025-32446 affects Intel QuickAssist Technology (QAT) software prior to version 2.6.0. An untrusted pointer dereference in Ring 3 (User Applications) could allow an attacker with local access and an authenticated, low‑complexity user to escalate privileges and potentially manipulate ...
EUVD-2021-11725
Malware in sbrugna...
EUVD-2023-43737
Malicious code in bioql PyPI...