GHSA-97R8-RF7Q-WMJW

creationtimestamp| type| source ---|---|--- 2026-05-18 14:10:50+00:00| seen| https://gist.github.com/alon710/98fbc08fd28e864acb5a0c94e605d960...

CGA-2RX6-Q92R-6R9F

Bulletin has no description...

MINI-4FWM-6M54-JCJQ

Bulletin has no description...

EUVD-2026-3414

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

EUVD-2026-2959

The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eaelproductquickviewpopup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for...

EUVD-2026-3038

EUVD-2026-3038...

EUVD-2026-2044

Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that ...

EUVD-2026-1558

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion.This issue affects Atlas: from n/a through = 2.1.0...

EUVD-2026-0082

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2025-204446

Not used...

CGA-V334-MW6G-QM48

Bulletin has no description...

CVE-2022-49239 ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd934x: Add missing ofnodeput in wcd934xcodecparsedata The devicenode pointer is returned by ofparsephandle with refcount incremented. We should use ofnodeput on it when done. This is similar to commit 64b92de9603f...

WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG

Description The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following markup: alert"XSS"; Load the SVG and see the XSS. Code reference:...

GHSA-W23Q-4HW3-2PP6 Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation

Impact All users on Windows are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to PutObject in a specific...

Add check to disallow creation of Standard Denomination pool

Lines of code Vulnerability details Impact CreatePool does not check if the counterpartyDenom is a Standard Denomination. This can lead to creation of pools where the StandardDenom and the CounterpartyDenom are the same. Code reference // CreatePool create a liquidity that saves relevant...

Extraordinary proposal can become stuck

Lines of code Vulnerability details Since standard and extraordinary proposals use the same treasury funds accounting variables and extraordinary voting period is long enough 1 month, it is possible that extraordinary proposal that was valid and gained enough votes will end up frozen: it might no...

latestRoundData should have returned value checks

Lines of code Vulnerability details Impact when we use the latestRoundData we should always check the returned value because it may return stale data. , int256 price, , , = feed.latestRoundData; Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any...

Wrong usage of positionId in ConcentratedLiquidityPoolManager

Handle broccoli Vulnerability details Impact In the subscribe function of ConcentratedLiquidityPoolManager, the incentive to subscribed is determined as follows: Incentive memory incentive = incentivespoolpositionId; However, positionId should be incentiveId, a counter that increases by one...

A2SV - Auto Scanning to SSL Vulnerability

█████╗ ██████╗ ███████╗██╗ ██╗ ██╔══██╗╚════██╗██╔════╝██║ ██║ ███████║ █████╔╝███████╗██║ ██║ .o oOOOOOOOo ██╔══██║██╔═══╝ ╚════██║╚██╗ ██╔╝ OOOo Ob.OOOOOOOo O ██║ ██║███████╗███████║ ╚████╔╝ .adOOOOOOO OboO'''''''''' ╚═╝ ╚═╝╚══════╝╚══════╝ ╚═══╝ ''''''''''OO OOP.oOOOOOOOOOOO 'POOOOOOOOOOOo...

CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit

No description provided by source. / CoolPlayer 2.19 Skin File Local Buffer Overflow Exploit Advisory: http://www.bmgsec.com.au/advisory/43/ Test box: WinXP Pro SP2 English Code reference is in skin.c, lines 464 - 480 Written and discovered by: r0ut3r writ3r at gmail.com / www.bmgsec.com.au /...