1841 matches found
CVE-2026-8274
CVE-2026-8274 affects npitre cramfs-tools up to version 2.1. The vulnerability is in the Directory Handler’s cramfsck.c do_directory function and enables local path traversal. Exploitation requires local access; the vulnerability is disclosed publicly. A fix is available in version 2.2, with patc...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017740)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017740 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Partition. Supported versions that are affected are 8.0.23 and prior. Easily exploitable...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017705)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017705 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.23 and prior. Easily exploitable...
CVE-2026-42560 auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation
auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. ...
CVE-2026-41928 Vvveb < 1.0.8.2 Information Disclosure via Cron Controller
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...
Tp-Link AX53 v1.0 tmpServer opcode 0x436 stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2302 Tp-Link AX53 v1.0 tmpServer opcode 0x436 stack-based buffer overflow vulnerability May 7, 2026 CVE Number CVE-2026-30814 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer opcode 0x436 functionality of Tp-Link AX53 v1.0 1.3.1 Bui...
CVE-2026-7899
Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
BIT-JAVA-2020-14581
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...
PT-2026-37990
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...
EUVD-2024-55566
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +29 more potentially affected by CVE-2026-5766 via django (>=5.2.0 <=5.2.13)
django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-5766 Source advisory: OSV:PYSEC-2026-54...
JLSEC-2026-454 A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic....
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocesstermcap of the file tinfo/parseentry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to...
PT-2026-38177
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue exists in ReadingMode. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code within a sandbox by using a...
PT-2026-38131
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue in CSS allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs wh...
PT-2026-37288
Name of the Vulnerable Software and Affected Versions s3-proxy versions prior to 0.0.0-20260424211602-1320e4abd46a Description Inconsistent URL path normalization and routing logic lead to authorization bypasses, allowing unauthenticated access to protected objects. The issues stem from a mismatc...
PT-2026-38143
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An out of bounds read and write issue exists in GFX, which allows a remote attacker to perform arbitrary read and write operations via malicious network traffic. Recommendations Update ...
GHSA-6RR6-V7CJ-MXPG Prefect Auth Bypass via endswith() Health Check Exemption
A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...
TOTOLINK N300RH 缓冲区错误漏洞
TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 3.2.4-B20220812 contains a buffer overflow vulnerability. This vulnerability arises from the loginauth function in the Parameter Handler component, where the handling of the Password...
PT-2026-36291
Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection issue exists in the CGI Handler component. A remote attacker can initiate an attack by manipulating the proto argument within the '/cgi-bin/cstecgi.cgi' endpoint...