150 matches found
MINI-Q6X3-GG7F-2JH6
Bulletin has no description...
PT-2026-47223
Name of the Vulnerable Software and Affected Versions guzzlehttp/psr7 versions prior to 2.10.2 Description The library fails to reject ASCII control characters, whitespace, or DEL in first-party URI host components. When an application uses a user-controlled URL to construct a PSR-7 Uri or Reques...
CVE-2026-7937
creationtimestamp| type| source ---|---|--- 2026-05-06 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260507 2026-05-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260508...
CVE-2026-32965
creationtimestamp| type| source ---|---|--- 2026-04-19 19:30:00+00:00| seen| https://jvn.jp/en/vu/JVNVU94271449 2026-04-20 05:17:09+00:00| seen| Telegram/oT3io0aR7EQyKUnAhTuUuKTmw-PFwRgwwLAn7oSA51QT1kY 2026-04-20 06:19:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjvt67q6qq2k...
CVE-2026-25430
creationtimestamp| type| source ---|---|--- 2026-04-09 11:30:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mj2pfe25hm2c...
CVE-2026-31998
creationtimestamp| type| source ---|---|--- 2026-03-20 05:40:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhhsj4wzoq2a...
CVE-2026-24113
creationtimestamp| type| source ---|---|--- 2026-03-02 16:12:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg3ngqnnyq2d...
CVE-2026-27125
svelte is a performance oriented web framework. Server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a precondition outside ...
CVE-2026-1837
An out of bounds write has been discovered in libjxl. A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color...
EUVD-2026-3899
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Spa grandspa allows Reflected XSS.This issue affects Grand Spa: from n/a through = 3.5.5...
EUVD-2026-3932
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Yolox yolox allows PHP Local File Inclusion.This issue affects Yolox: from n/a through = 1.0.15...
EUVD-2026-3962
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee blogzee allows Using Malicious Files.This issue affects Blogzee: from n/a through = 1.0.5...
EUVD-2026-3985
Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through = 1.1.3...
CVE-2026-1134
creationtimestamp| type| source ---|---|--- 2026-01-19 05:43:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcqwqqwwa52v...
EUVD-2026-2231
An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel...
EUVD-2026-2265
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/slb: Fix SLB multihit issue during SLB preload On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache is subject to period...
EUVD-2026-2329
In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal The delayed work item otgevent is initialized in fslotgconf and scheduled under two conditions: 1. When a host controller binds to the OTG controller. 2...
EUVD-2026-1771
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner...
EUVD-2026-1252
EUVD-2026-1252...
EUVD-2026-1278
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions up to, and including, 5.93.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...