38 matches found
GHSA-6Q7J-XR26-3H2C Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)
Summary The ExpressionDepthLimit parser guard in Scriban does not actually stop parsing — it only logs a non-fatal error and lets recursive descent continue. As a result, a template containing a deeply nested expression parentheses, array initializers, object initializers, or unary operators driv...
EUVD-2026-19713
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DHCP lease time configuration parameter dhcp.leaseTime. This vulnerability allows an...
EUVD-2026-19711
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS host record configuration parameter dns.hostRecord. This vulnerability allows an...
EUVD-2026-9083
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...
CVE-2026-21743
The CVE-2026-21743 issue affects Fortinet FortiAuthenticator releases 6.6.0–6.6.6, all 6.5 series, and all 6.4 and 6.3 versions. It is a missing authorization vulnerability where a read-only user could modify local users by uploading a file to an unprotected endpoint. The CVSS 3.1 base score is 7...
CVE-2026-22690
CVE-2026-22690 affects the Python PDF library pypdf prior to version 6.6.0. The issue allows long runtimes for malformed PDFs caused by omitting the /Root entry in the trailer while using a large /Size value; the vulnerability occurs in non-strict reading mode. The problem has been addressed and ...
CVE-2022-23697
A remote cross-site scripting xss vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...
Elliptic Uses a Cryptographic Primitive with a Risky Implementation
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...
CVE-2025-69344 WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through = 6.6...
CVE-2025-67461 Zoom Rooms for macOS - External Control of File Name or Path
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...
CVE-2025-40021 affecting package kernel for versions less than 6.6.112.1-2
CVE-2025-40021 affecting package kernel for versions less than 6.6.112.1-2. An upgraded version of the package is available that resolves this issue...
AZL-70076 CVE-2025-40195 affecting package kernel for versions less than 6.6.117.1-1
In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mntnsrelease When calling in listmount mntnsrelease may be passed a NULL pointer. Handle that case gracefully...
CVE-2025-52656
HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields...
CVE-2025-52654 HCL MyXalytics is affected by an HTML Injection
HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation...
PT-2025-40574
Name of the Vulnerable Software and Affected Versions HCL MyXalytics version 6.6 Description The software is susceptible to a Mass Assignment issue. This happens when user-supplied data is automatically mapped to application objects without sufficient validation or access controls, potentially...
CVE-2025-38500 affecting package kernel for versions less than 6.6.104.2-1
CVE-2025-38500 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-38474 affecting package kernel for versions less than 6.6.104.2-1
CVE-2025-38474 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...
Linux Distros Unpatched Vulnerability : CVE-2023-45935
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms. NOTE: this is disputed because it is...
CVE-2023-25292
Reflected Cross Site Scripting XSS in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GOLANGUAGE cookie...
CVE-2023-24648
Zstore v6.6.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /index.php...