
36 matches found

OSV
added 2026/04/16 8:40 p.m. · 0 views

GHSA-G857-HHFV-J68W Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption

A buffer overflow vulnerability exists in Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to...

CVSS 8.5 · AI score 6.1 · EPSS 0.00017
Exploits 0 · References 6
RedhatCVE
added 2026/03/03 7:42 a.m. · 1 view

CVE-2026-27206

A flaw was found in zumba/json-serializer. A remote attacker can exploit a deserialization vulnerability by providing untrusted JSON input that leverages a special @type field to instantiate arbitrary classes. This can lead to PHP Object Injection, potentially allowing the attacker to achieve...

CVSS 8.1 · AI score 6.1 · EPSS 0.00143
Exploits 0 · References 2
CVE
added 2026/02/21 7:01 a.m. · 12 views

CVE-2026-27206

CVE-2026-27206 is captured in the Debian security tracker as a potential PHP object injection vulnerability: “Potential PHP Object Injection via Unrestricted @type in unserialize()”. The connected document does not specify affected products, versions, or a concrete root cause beyond the unrestric...

CVSS 8.1 · AI score 6.2 · EPSS 0.00143
Exploits 0 · References 3
Patchstack
added 2026/02/03 3:09 p.m. · 2 views

WordPress Views for WPForms plugin <= 3.2.2 - Missing Authorization via get_form_fields vulnerability

Missing Authorization via get_form_fields vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions <= 3.2.2...

CVSS 4.3 · AI score 5.3 · EPSS 0.00125
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2026/01/20 2:26 p.m. · 3 views

CVE-2026-0690 FlatPM – Ad Manager, AdSense and Custom Code <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta

The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rank_math_description' custom field in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · AI score 5.8 · EPSS 0.00052
Exploits 0 · References 2
CNNVD
added 2025/12/04 12:00 a.m. · 3 views

node-jws data forgery vulnerability

node-jws is a JSON Web signature library open-sourced by Auth0. A data forgery issue vulnerability exists in node-jws versions 3.2.2 and earlier and 4.0.0, which stems from improper HS256 algorithm signature validation and could lead to signature validation bypass...

CVSS 7.5 · AI score 5.3 · EPSS 0.00012
Exploits 1 · References 2
RedhatCVE
added 2025/11/11 6:39 p.m. · 1 view

CVE-2025-47286

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on i...

CVSS 8.6 · AI score 7.3 · EPSS 0.00087
Exploits 0 · References 1
NVD
added 2025/11/10 8:15 p.m. · 2 views

CVE-2025-47932

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered via an AJAX call. Versions 2.7.13 and 3.2.2 sanitize the var responsible for the attack...

CVSS 8.8 · EPSS 0.00027
Exploits 0 · References 1
Cvelist
added 2025/11/10 7:13 p.m. · 5 views

CVE-2025-47773 Combodo iTop has XSS vulnerability in /pages/ajax.render.php

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

CVSS 8.8 · EPSS 0.00027
Exploits 0 · References 1
CNNVD
added 2025/11/10 12:00 a.m. · 3 views

Combodo iTop cross-site scripting vulnerability

Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management, and problem management. A cross-site scripting vulnerability exists in Combodo...

CVSS 8.5 · AI score 5.7 · EPSS 0.00026
Exploits 0 · References 2
CNNVD
added 2025/11/10 12:00 a.m. · 3 views

Combodo iTop cross-site scripting vulnerability

Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A cross-site scripting vulnerability exists in Combodo iT...

CVSS 8.8 · AI score 5.8 · EPSS 0.00027
Exploits 0 · References 2
CNNVD
added 2025/11/10 12:00 a.m. · 2 views

Combodo iTop cross-site scripting vulnerability

Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A cross-site scripting vulnerability exists in Combodo iT...

CVSS 8.8 · AI score 5.8 · EPSS 0.00027
Exploits 0 · References 2
NVD
added 2025/10/07 3:16 p.m. · 1 view

CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

CVSS 7.5 · EPSS 0.00107
Exploits 0 · References 4
Patchstack
added 2025/09/05 1:29 p.m. · 3 views

WordPress Get Cash plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by theviper17 in WordPress Plugin Get Cash versions <= 3.2.3...

CVSS 6.5 · AI score 5.9 · EPSS 0.00047
Exploits 0 · Affected Software 1
CNNVD
added 2025/05/13 12:00 a.m. · 1 view

Owl Admin security vulnerability

Owl Admin is a fast and flexible backend framework from Owl Admin. A security vulnerability exists in Owl Admin v3.2.2 through v4.10.2, which stems from an SQL injection in /admin-api/system/adminmenus/saveorder...

CVSS 7.2 · AI score 7.8 · EPSS 0.00251
Exploits 1 · References 3
Positive Technologies
added 2024/07/22 12:00 a.m. · 1 view

PT-2024-28200 · WordPress · Wp Media Sas Search & Replace

Name of the Vulnerable Software and Affected Versions: WP MEDIA SAS Search & Replace versions n/a through 3.2.2 Description: The issue is related to Deserialization of Untrusted Data, which affects the Search & Replace plugin. Recommendations: For versions n/a through 3.2.2, update to a version...

CVSS 9.8 · AI score 6.8 · EPSS 0.00385
Exploits 0 · References 5
OSV
added 2024/07/08 2:15 p.m. · 1 view

CVE-2024-39742

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 2
CNNVD
added 2024/06/13 12:00 a.m. · 2 views

WordPress plugin Search & Replace security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.2 · AI score 8 · EPSS 0.00493
Exploits 2 · References 2
OSV
added 2024/02/01 7:15 p.m. · 1 view

AZL-62324 CVE-2023-5841 affecting package OpenEXR 2.3.0-6

Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...

CVSS 9.1 · AI score 7.6 · EPSS 0.00804
Exploits 1 · References 1
Positive Technologies
added 2024/01/02 12:00 a.m. · 1 view

PT-2024-13683 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions 3.2.2 and prior Description: The issue allows a local attacker to cause a multimedia audio crash by modifying a released pointer. Recommendations: For OpenHarmony versions 3.2.2 and prior, at the moment, there is no...

CVSS 4 · AI score 6.7 · EPSS 0.00055
Exploits 0 · References 6