11 matches found
CVE-2026-23496
Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an...
CVE-2026-23496
Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an...
PT-2025-51415
Name of the Vulnerable Software and Affected Versions Essential Real Estate versions through 5.2.2 Description An authorization issue exists in g5theme Essential Real Estate, allowing exploitation of incorrectly configured access control security levels. Recommendations Update Essential Real Esta...
PowerDNS Recursor security vulnerability
PowerDNS Recursor pdnsrecursor is a domain name resolution server from the Dutch company PowerDNS. A security vulnerability exists in PowerDNS Recursor versions 5.0.10, 5.1.4, and 5.2.2 and above, which stems from the fact that spoofing attempts for ECS-enabled queries have a higher chance of...
AZL-60261 CVE-2025-31344 affecting package giflib for versions less than 5.2.1-10
Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2...
AZL-77498 CVE-2025-30204 affecting package dcos-cli 1.2.0-20
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
UBUNTU-CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +163 more potentially affected by CVE-2021-32640 via ws (>=5.0.0 <=5.2.2)
ws NPM version =5.0.0, =0.1.2, =0.3.7, =0.1.8, =1.0.0, =1.0.0, =1.0.17-beta, =1.3.6, =0.1.0, =3.0.0, =3.0.0, =1.0.21, =1.0.27 and more Source cves: CVE-2021-32640 Source advisory: OSV:GHSA-6FC8-4GX4-V693...
Linux denial of service vulnerability
lux is a cryptocurrency. A security vulnerability exists in lux version 5.2.2 and earlier. A remote attacker could exploit this vulnerability to cause a denial of service...
strongswan -- Denial-of-service and potential remote code execution vulnerability
StrongSwan Project reports A denial-of-service and potential remote code execution vulnerability triggered by crafted IKE messages was discovered in strongSwan. Versions 5.2.2 and 5.3.0 are affected...