273 matches found
CVE-2026-57473
A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...
CVE-2026-39837
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-11177
Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11233
Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
free5GC 代码问题漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained code vulnerabilities. These vulnerabilities stemmed from null pointer dereferencing in the PCF’s app-sessions handler under certain conditions, which could lead to a 500...
CVE-2026-7906
Use after free in SVG in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
Better Auth 安全漏洞
Better Auth is an open-source TypeScript framework for authentication. Versions of Better Auth prior to 1.6.5 contained a security vulnerability. This vulnerability stemmed from the clientPrivileges option recording creation operations. However, the OAuth client did not call the hook before...
CVE-2026-40497
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's Helper::stripDangerousTags removes...
OrangeHRM 授权问题漏洞
OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained an authorization...
PT-2026-29456
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description A use-after-free issue exists in the Web MIDI component of Google Chrome on Android. A remote attacker can potentially execute arbitrary code by tricking a user into visiting a special...
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...
EUVD-2026-13808
ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...
CVE-2026-25210 affecting package expat for versions less than 2.6.4-4
CVE-2026-25210 affecting package expat for versions less than 2.6.4-4. A patched version of the package is available...
Plane 安全漏洞
Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the ProjectAssetEndpoint.patch method, which performed global asset searches based solely on asset IDs,...
CVE-2026-2320
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
AnythingLLM security vulnerabilities
AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.10.0 contained a security vulnerability. This vulnerability stemmed from the /api/setup-complete endpoint exposing the QdrantApiKey in plain text, which could allow attackers to gain read/write...
MiracleLinux 4 : curl-7.19.7-36.AXS4 (AXSA:2013-429:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-429:02 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to...
CVE-2020-7189
A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-7168
A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-7124
A remote unauthorized access vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...