65033 matches found

RedhatCVE
added 2026/04/02 5:4 a.m. | 2 views

CVE-2026-3777

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers...

CVSS 7.8 | AI score 6 | EPSS 0.00018
Exploits 0 | References 1

CNNVD
added 2026/04/02 12:0 a.m. | 2 views

listmonk code issue vulnerability

ListMonk is a high-performance, self-hosted newsletter and mailing list manager developed by Kailash Nadh. Versions of ListMonk prior to 6.1.0 contained code vulnerabilities due to session management issues. These vulnerabilities allowed previously issued authenticated sessions to remain valid...

CVSS 7.1 | AI score 5.9 | EPSS 0.00014
Exploits 2 | References 3

CNNVD
added 2026/04/02 12:0 a.m. | 2 views

TP-Link Tapo C520WS security vulnerability

The TP-Link Tapo C520WS is a WiFi camera produced by TP-Link Corporation. The TP-Link Tapo C520WS v2.6 version has a security vulnerability. This vulnerability stems from inconsistencies in the JSON request parsing and authorization logic during the authentication check in the DS configuration...

CVSS 8.8 | AI score 6 | EPSS 0.00123
Exploits 0 | References 3

Positive Technologies
added 2026/04/02 12:0 a.m. | 1 views

PT-2026-29892

Name of the Vulnerable Software and Affected Versions: Hirschmann HiEOS devices versions prior to 01.1.00
Description: Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass in the HTTPS management module. Attackers can gain administrative access by sending specially...

CVSS 9.8 | AI score 5.9 | EPSS 0.00012
Exploits 0 | References 6

Snyk
added 2026/04/01 10:59 p.m. | 2 views

Missing Source Correlation of Multiple Independent Data

Overview: Affected versions of this package are vulnerable to Missing Source Correlation of Multiple Independent Data in the PUT /api/v1/subscriber/imsi API endpoint. An attacker can alter another user's policy settings and falsify audit logs by providing mismatched IMSI values in the request path...

CVSS 5.1 | AI score 5.8 | EPSS 0.00091
Exploits 0 | References 2

Snyk
added 2026/04/01 10:59 p.m. | 1 views

Missing Source Correlation of Multiple Independent Data

Overview: Affected versions of this package are vulnerable to Missing Source Correlation of Multiple Independent Data in the PUT /api/v1/subscriber/imsi API endpoint. An attacker can alter another user's policy settings and falsify audit logs by providing mismatched IMSI values in the request path...

CVSS 5.1 | AI score 5.8 | EPSS 0.00091
Exploits 0 | References 2

RedhatCVE
added 2026/04/01 5:3 p.m. | 5 views

CVE-2026-20915

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...

CVSS 8.5 | AI score 5.9 | EPSS 0.00037
Exploits 0 | References 1

Vulnrichment
added 2026/04/01 4:28 p.m. | 1 views

CVE-2026-20093 Cisco Integrated Management Controller Authentication Bypass Vulnerability

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An...

CVSS 9.8 | AI score 6 | EPSS 0.00026
Exploits 0 | References 1

EUVD
added 2026/04/01 3:31 a.m. | 0 views

EUVD-2026-17755

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers...

CVSS 5.5 | AI score 6 | EPSS 0.00018
Exploits 0 | References 2

NVD
added 2026/04/01 2:16 a.m. | 0 views

CVE-2026-3777

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers...

CVSS 7.8 | EPSS 0.00018
Exploits 0 | References 1

CVE
added 2026/04/01 1:40 a.m. | 7 views

CVE-2026-3779

The CVE-2026-3779 entry concerns Foxit Reader/Foxit PDF Editor: a use-after-free in the list box calculate array logic, where stale references to page/form objects after deletion/re-creation can be triggered by specially crafted PDFs, potentially enabling arbitrary code execution. Cisco Talos att...

CVSS 7.8 | AI score 6 | EPSS 0.00023
Exploits 1 | References 2 | Affected Software 2

Vulnrichment
added 2026/04/01 1:40 a.m. | 0 views

CVE-2026-3777 Use after free of view cache in Foxit PDF Editor/Reader

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers...

CVSS 5.5 | AI score 6 | EPSS 0.00018
Exploits 0 | References 1

CVE
added 2026/04/01 1:40 a.m. | 6 views

CVE-2026-3777

Summary: CVE-2026-3777 affects Foxit PDF Editor/Reader (multiple platforms). The vulnerability is a use-after-free caused by improper validation of lifetime/validity of internal view cache pointers after JavaScript alters document zoom and page state. When a script modifies zoom and triggers a pa...

CVSS 7.8 | AI score 6 | EPSS 0.00018
Exploits 0 | References 1 | Affected Software 2

ATTACKERKB
added 2026/04/01 1:40 a.m. | 1 views

CVE-2026-3777

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers...

CVSS 5.5 | AI score 6 | EPSS 0.00018
Exploits 0 | References 2 | Affected Software 2

Positive Technologies
added 2026/04/01 12:0 a.m. | 1 views

PT-2026-29964

It was discovered that tar-rs embedded in cargo-c incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside th...

CVSS 6.5 | AI score 6 | EPSS 0.00019
Exploits 1 | References 3

Positive Technologies
added 2026/04/01 12:0 a.m. | 0 views

PT-2026-29709

Name of the Vulnerable Software and Affected Versions: Ella Core versions prior to 1.8.0
Description: The PUT /api/v1/subscriber/imsi API endpoint accepts an IMSI identifier from both the URL path and the JSON request body without verifying they match. This allows an authenticated NetworkManager to...

CVSS 2.7 | AI score 5.8 | EPSS 0.00091
Exploits 0 | References 7

OSV
added 2026/03/31 5:40 p.m. | 3 views

CVE-2026-32619 Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic (e.g., removed from a private category group) could still interact with polls in that topic...

CVSS 6.3 | AI score 5.8 | EPSS 0.00056
Exploits 0 | References 4

EUVD
added 2026/03/31 3:31 p.m. | 1 views

EUVD-2026-17417

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...

CVSS 8.5 | AI score 5.9 | EPSS 0.00037
Exploits 0 | References 2

NVD
added 2026/03/31 3:16 p.m. | 1 views

CVE-2026-20915

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...

CVSS 8.5 | EPSS 0.00037
Exploits 0 | References 1

OSV
added 2026/03/31 3:16 p.m. | 3 views

UBUNTU-CVE-2026-20915

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...

CVSS 8.5 | AI score 5.7 | EPSS 0.00037
Exploits 0 | References 3