18 matches found
CVE-2026-44312 css_parser allows to MITM included https css urls
css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...
Ruby CSS Parser trust management vulnerability
Ruby CSS Parser is an open-source tool developed by premailer, used for loading, parsing, and cascading CSS rule sets. Versions of Ruby CSS Parser prior to 2.1.0 and 1.22.0 had a trust management vulnerability. This vulnerability stemmed from unvalidated HTTPS connections, where connections were...
0lever-utils (>=0.0.2 <=0.0.7), 1337x (=1.2.5) +16356 more potentially affected by CVE-2026-21441 via urllib3 (>=1.22.0 <=2.6.2)
urllib3 PYPI version =1.22.0, =0.0.2, =0.3.0, =0.0.1a0, =2.3.84, =0.1.0, =1.1.2, =0.1.0, =0.1.0, =0.0.2, =0.0.5, =0.0.7 - a-mailx =0.1.0 - a-texam =1.1.0 and more Source cves: CVE-2026-21441 Source advisory: OSV:GHSA-38JV-5279-WG99...
CVE-2025-11375 Consul's event endpoint is vulnerable to denial of service
Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
EUVD-2025-24515
Malicious code in bioql PyPI...
EUVD-2025-24498
Malicious code in bioql PyPI...
EUVD-2025-24514
Malicious code in bioql PyPI...
CVE-2025-54186
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-49571
Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses an uncontrolled search path to locate critical resources such as programs, ...
CVE-2025-49573 Substance3D - Modeler | Out-of-bounds Write (CWE-787)
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-54235 Substance3D - Modeler | Out-of-bounds Read (CWE-125)
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-54204 Substance3D - Modeler | Out-of-bounds Read (CWE-125)
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-54202 Substance3D - Modeler | Out-of-bounds Read (CWE-125)
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-54199 Substance3D - Modeler | Out-of-bounds Read (CWE-125)
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2025-32917 · Adobe · Substance3D - Modeler
Name of the Vulnerable Software and Affected Versions: Substance3D - Modeler versions 1.22.0 and earlier Description: Substance3D - Modeler is affected by an out-of-bounds read issue that may result in the disclosure of sensitive memory. Exploitation of this issue requires a user to open a...
PT-2025-32900 · Adobe · Substance3D - Modeler
Name of the Vulnerable Software and Affected Versions: Substance3D - Modeler versions 1.22.0 and earlier Description: Substance3D - Modeler is affected by an uncontrolled search path element issue that may lead to arbitrary code execution with current user privileges. An attacker could manipulate...
Nuki Bridge security vulnerability
Nuki Bridge is a smart lock control software from Nuki. A security vulnerability exists in v1.x versions prior to Nuki Bridge v1.22.0 and v2.x versions prior to v2.13.2, and Nuki Keypad v1.9.2 prior to v1.9.2, which stems from the fact that an attacker may be able to connect to the device and...
Nuki Bridge security vulnerability
Nuki Bridge is a smart lock control software from Nuki. A security vulnerability exists in Nuki Bridge v1.x prior to v1.22.0 and v2.x prior to v2.13.2, and Nuki Keypad v1.9.2 prior to v1.9.2, which stems from the fact that sending an incorrectly formatted HTTP verb can force a device to reboot...