7328 matches found
@join-com/jest-matchers (>=1.0.0 <=1.0.1), jest-expect (=0.0.1) +1 more potentially affected by unknown CVE via fixed-round (=1.0.2)
fixed-round NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on fixed-round and may be impacted: - @join-com/jest-matchers =1.0.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-FIXEDROUND-16754972...
@join-com/jest-matchers (>=1.0.0 <=1.0.1), jest-expect (=0.0.1) +1 more potentially affected by unknown CVE via fixed-round (=1.0.2)
fixed-round NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on fixed-round and may be impacted: - @join-com/jest-matchers =1.0.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-FIXEDROUND-16754804...
@join-com/jest-matchers (>=1.0.0 <=1.0.1) potentially affected by unknown CVE via jest-expect (=0.0.1)
jest-expect NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on jest-expect and may be impacted: - @join-com/jest-matchers =1.0.0, =1.0.1 Source cves: unknown CVE Source advisory: SNYK:JS-JESTEXPECT-16755085...
CVE-2020-37218 Joomla com_hdwplayer 4.2 SQL Injection via search.php
Joomla comhdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the...
CVE-2026-28374
creationtimestamp| type| source ---|---|--- 2026-05-12 14:04:59+00:00| seen| https://bsky.app/profile/releaseport.com/post/3mlnxgmxk2c23 2026-05-13 00:10:05+00:00| seen| https://bsky.app/profile/releaseport.com/post/3mlozakkufh2g...
CVE-2021-47930 Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated
Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the combaforms component with malicious JSON payloads in the 'id' field...
[20260702] - Core - Incorrect Access Control in com_contact vcf download
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
EUVD-2026-27655
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...
Agentic Vulnerability Reasoning on Windows COM Binaries
Windows Component Object Model COM services run with elevated privileges and are widely accessible to authenticated users, making race conditions in these binaries a critical surface for local privilege escalation. We present SLYP, an end-to-end agentic pipeline that discovers race condition...
CVE-2026-37572
creationtimestamp| type| source ---|---|--- 2026-04-30 08:49:10+00:00| seen| https://gist.github.com/sgInnora/5aa1682c359a4f4ced53fc2408936e82...
MAL-2026-2901 Malicious code in env_express (npm)
envexpress is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/ZK45J and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
CVE-2026-20806
Access of resource using incompatible type 'type confusion' in Windows COM allows an authorized attacker to disclose information locally...
CVE-2026-32162
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally...
CVE-2026-20806 Windows COM Server Information Disclosure Vulnerability
...
CVE-2026-20806
CVE-2026-20806 is a Windows COM vulnerability described as a type confusion in resource access that can let an authorized, locally authenticated attacker disclose data. The CVE is referenced across multiple sources (NVD, Red Hat, NCSC, CIRCL) with the same description of a local information discl...
PT-2026-32591
The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
Microsoft Windows COM 安全漏洞
Microsoft Windows COM is a technology developed by Microsoft Corporation in the United States, aimed at software reuse. COM is described as a platform-independent, distributed, object-oriented system used for creating interactive binary software components. There are security vulnerabilities in...
BIT-JOOMLA-2026-21631 Joomla! Core - [20260303] - XSS vector in com_associations comparison view
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-35207
In dde-control-center (Deepin Desktop Environment), the plugin-deepinid insecurely skipped TLS certificate verification when fetching user avatars from openapi.deepin.com and similar providers. Prior to version 6.1.80, this allowed a (MITM) attacker to intercept traffic, potentially replace the a...
CVE-2026-35178
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...