15 matches found
CVE-2026-41933
Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset path...
Craft CMS may expose private assets through anonymous "generate transform" calls via transform URL
Summary: An unauthenticated user can call assets/generate-transform with a private assetId, receive a valid transform URL, and fetch transformed image bytes. The endpoint is anonymous and does not enforce per-asset authorization before returning the transform URL. Details: Root cause: - Anonymous...
PT-2026-26177
Name of the Vulnerable Software and Affected Versions: SiYuan versions 3.6.0 and below. Description: SiYuan, a personal knowledge management system, has an issue where the /api/lute/html2BlockDOM endpoint on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace...
CVE-2026-3125
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...
EUVD-2026-9474
opennextjs-cloudflare has SSRF vulnerability via /cdn-cgi/ path normalization bypass...
CVE-2026-3125
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...
CVE-2026-3125
CVE-2026-3125 affects the @opennextjs/cloudflare package and its /cdn-cgi/image/ handler. A path normalization bypass (using a backslash in the path, e.g., /cdn-cgi\image/…) can bypass Cloudflare edge interception, allowing requests to reach the Worker and trigger an unvalidated fetch of arbitrar...
EUVD-2022-33490
Malicious code in bioql PyPI...
CVE-2024-7912
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely...
Third-Party Dependency in Confluence Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.0.1 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation...
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server
This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, and 9.5.0 of Jira Software Data Center and Server. This com.google.protobuf:protobuf-java Dependency vulnerability, with a CVSS Score of 7.5...
Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0
Summary: A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC may allow an unauthenticated attacker to obtain assets data without authentication. Impact: Malicious unauthenticated users with knowledge on the underlying...
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) com.google.code.gson:gson in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2022-29077
A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat...