517858 matches found
📄 IO-Compress 2.219 Eval Injection
An eval injection vulnerability in File::GlobMapper::getFiles allows any attacker who can control the output fileglob argument passed to IO::Compress::Gzip::gzip, IO::Compress::Zip::zip, or any sibling function to execute arbitrary Perl code in the context of the running process. Summary An eval...
Linux Distros Unpatched Vulnerability : CVE-2026-34180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer...
CVE-2026-44634 Stack buffer overflows in SimpleBLE
SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleblewrite function local,...
EUVD-2026-35913
SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleblewrite function local,...
CVE-2026-44634
The CVE-2026-44634 affects SimpleBLE prior to version 0.14.0, with multiple stack-based buffer overflow flaws. One in the dongl backend’s Protocol::simpleble_write (local, caller-controlled input); two related to processing BLE advertisement data (manufacturer-specific and service data) that can ...
CVE-2026-44634 Stack buffer overflows in SimpleBLE
SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleblewrite function local,...
EUVD-2026-35880
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops...
CVE-2026-46539 nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops...
CVE-2026-46539
CVE-2026-46539 affects Nimiq (Rust, Albatross-based PoS). Prior to 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven returns true without cryptographic verification when get_interlink_hops yields an empty hop list, specifically for the target block at the election block position immedia...
CVE-2026-46539 nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops...
CVE-2026-34417
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...
ollama-silent-patches
OLLAMA SILENT PATCH DISCLOSURE — PUBLIC RELEASE v2 Responsi...
GHSA-MRHX-6PW9-Q5FH PhoenixStorybook has cross-session PubSub topic injection via URL parameter
Summary The storybook iframe LiveView accepts a PubSub topic from the URL query string and broadcasts its own pid onto that topic with no check that the topic belongs to the current session. Any unauthenticated visitor who knows or guesses another user's playground topic can hijack the...
PhoenixStorybook has cross-session PubSub topic injection via URL parameter
Summary The storybook iframe LiveView accepts a PubSub topic from the URL query string and broadcasts its own pid onto that topic with no check that the topic belongs to the current session. Any unauthenticated visitor who knows or guesses another user's playground topic can hijack the...
Patch Tuesday - June 2026
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities...
CVE-2026-34417 OSCAL-GUI Reflected XSS via project parameter in oscal-forms.php
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...
CVE-2026-34417 OSCAL-GUI Reflected XSS via project parameter in oscal-forms.php
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...
CVE-2026-34417
OSCAL-GUI contains a reflected XSS vulnerability in oscal-forms.php. An unauthenticated attacker can inject content via the project_request parameter, which is URL-decoded and assigned to project_id in oscal-functions.php. If the provided project ID isn’t found, the unsanitized value is concatena...
CVE-2026-11585
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-11583
A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit...