190 matches found
CVE-2026-59855 SiYuan: Store XSS To Rce via Asset.render
SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an...
UBUNTU-CVE-2026-49146
App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...
CVE-2026-13751
CVE-2026-13751 concerns Snowflake CLI prior to v3.19, where the SQL reader’s !source/!load directives could reference remote URLs retrieved at runtime. The root cause is improper handling of untrusted remote references, enabling server-side request forgery within the vulnerable command path. Impa...
CVE-2026-13750 Snowflake CLI Sensitive Credential Exposure Through Debug Logging
Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...
CVE-2026-13746 Snowflake CLI SQL Injection Through Improper Neutralization of Local CLI Parameters
Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the...
CVE-2026-47103
Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...
CVE-2026-48613
SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...
CVE-2026-9538
CVE-2026-9538 affects Archive::Tar prior to 3.10 for Perl. A crafted tar header can set a multi‑gigabyte size, causing _read_tar() to allocate a scalar of that size, leading to memory exhaustion. The vulnerability arises from reading entry payloads with a size block derived from the header withou...
CVE-2026-48227
Open ISES Tickets before 3.44.2 is affected by a reflected XSS in patient.php, where an unsanitized id and ticket_id in GET parameters can inject JavaScript into the HTML form action URL. The vulnerability allows authenticated users to craft requests that execute in a victim’s browser when the re...
CVE-2026-48217
Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in delete_module.php. The vulnerability allows an authenticated attacker to inject arbitrary JavaScript by passing unsanitized values through POST parameters module_choice, flag, and confirmation, which are then rendered into HTML c...
CVE-2026-35008
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into an HTML attribute. Attackers can craft a...
Linux Distros Unpatched Vulnerability : CVE-2026-45232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows netwo...
VulnCheck KEV: CVE-2025-67303
An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface...
CVE-2026-32686 Unbounded exponent in decimal enables unauthenticated DoS
Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decimal library does not bound the exponent on parsed input. Storing a decimal with a very large exponent e.g. Decimal.new"1e1000000000" is accepted without error. Subsequent cal...
CVE-2026-43964
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...
CVE-2026-41429
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin..., the device listens on UDP...
WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Alukas versions 3.0.0...
CVE-2026-4821
The CVE-2026-4821 entry describes an improper neutralization of special elements vulnerability in GitHub Enterprise Server . It allows an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields (e.g., http_pro...
iTerm2 安全漏洞
iTerm2 is a terminal emulator developed by George Nachman for Mac OS X. Versions of iTerm2 prior to 3.6.9 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of executing code through DCS 2000p and OSC 135 data when displaying .txt files. This was because iTerm2...
WeGIA 安全漏洞
WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities. These vulnerabilities were due to a vulnerability that made the system susceptible to storage-type cross-site scripting attacks. This allowed...