11 matches found
EUVD-2026-35496
md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...
CVE-2026-44473 Ella Core: UE Downlink Redirection via Forged PDUSessionResourceSetupResponse
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection,...
EUVD-2026-32562
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with...
D-Link DIR-513 Security Vulnerability
The D-Link DIR-513 is a wireless router product from the D-Link company. Version 1.10 of the D-Link DIR-513 contains a security vulnerability, which stems from a stack buffer overflow in the curTime parameter of the goform/formSetWANWizard52 function...
CVE-2026-25642
CVE-2026-25642 affects HedgeDoc; prior to version 1.10.6, the security policy for files served under /uploads/ was insufficient, resulting in an overly permissive Content-Security-Policy and enabling hosting of malicious interactive content (e.g., fake login forms) via SVG files. The issue is fixed in 1.10...
Fedora 44 : node-exporter (2026-eaa86d8456)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-eaa86d8456 advisory. Automatic update for node-exporter-1.10.2-3.fc44. Changelog Fri Jan 30 2026 Alejandro Sez - 1.10.2-3 - Fix race condition Fri Jan 16 2026 Fedora...
CVE-2026-24137 sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal
sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...
CVE-2025-61689
HTTP.jl provides HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values for illegal characters, allowing CRLF-based header injection and response splitting. This enables HTTP response splitting and header...
PT-2023-25163 · Jenkins · Jenkins Maven Repository Server Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Maven Repository Server Plugin versions 1.10 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape project and build display names on the Build...
silverstripe framework Authorization Issue Vulnerability
silverstripe framework is a CMS web framework. A security vulnerability exists in silverstripe framework version 1.10 and earlier versions. An attacker can exploit this vulnerability to conduct cross-site scripting attacks...
DEBIAN-CVE-2017-17509
In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5Gentdecodevec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact if someone opens a crafted hdf5 file...