GCVE-1-2026-0007

creationtimestamp| type| source ---|---|--- 2026-01-20 21:00:27+00:00| seen| https://bsky.app/profile/adulau.infosec.exchange.ap.brid.gy/post/3mcv2ed5ci5s2 2026-01-20 21:09:51+00:00| seen| https://infosec.exchange/@adulau/115929431973189919 2026-01-20 21:12:45+00:00| seen|...

CVE-2026-23843

teklifolusturapp is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference IDOR vulnerability exists in the offer view functionality. Authenticated users can...

CVE-2025-61684

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

CVE-2025-57155

NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...

CVE-2025-63647

A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

CVE-2025-63647

A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

CVE-2025-57156

Summary (CVE-2025-57156) : A NULL pointer dereference in the owntone-server component, specifically in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c, can be triggered by a remote attacker through commits up to 6d604a1 (post-version 28.12). This vulnerability allows remote Denial...

Trust Wallet Core security vulnerability

Trust Wallet Core is an open-source, cross-platform, mobile-centric library developed by Trust Wallet. Versions of Trust Wallet Core prior to 5668c67 contained a security vulnerability. This vulnerability stemmed from an excessive buffer read in the PublicKey::verify method, which could lead to...

PT-2026-3653

Name of the Vulnerable Software and Affected Versions owntone-server versions prior to the commit after version 28.2 Description A flaw exists in owntone-server due to a NULL pointer dereference within the daap reply groups function, located in src/httpd daap.c. This issue, present through commit...

PT-2026-3738

Name of the Vulnerable Software and Affected Versions Wrangler versions prior to 3.114.17 Wrangler versions prior to 4.59.1 Wrangler version 2 EOL Description A command injection issue exists in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed to a...

CVE-2025-66692

A buffer over-read in the PublicKey::verify method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-63647

A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server (commit 334beb) allows a crafted DAAP request to trigger a Denial of Service. The CVE-2025-63647 entry has a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector and low complexity. Multiple vendor...

Cloudflare Wrangler security vulnerabilities

Cloudflare Wrangler is a repository managed by Cloudflare. Cloudflare Wrangler has a security vulnerability that stems from insufficient validation or cleanup of the --commit-hash parameter, which may lead to command injection attacks...

CVE-2026-23644

esm.sh is a no-build content delivery network CDN for web development. Prior to Go pseeudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path traversal vulnerability due to an incomplete fix. path.Clean normalizes a path but does not prevent absolute paths in a malicious tar file...

CVE-2026-23880

OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored cross-site scripting vulnerability that can be rendered to an admin wh...

CVE-2026-23880 OnboardLite has stored Cross-site Scripting issue that may lead to admin Account Take Over

OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored cross-site scripting vulnerability that can be rendered to an admin wh...

CVE-2026-23880

OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored cross-site scripting vulnerability that can be rendered to an admin wh...

CVE-2026-23843

teklifolusturapp is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference IDOR vulnerability exists in the offer view functionality. Authenticated users can...

CVE-2026-23878

HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents PDFs, attachments associated...

EUVD-2026-3298

teklifolusturapp is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference IDOR vulnerability exists in the offer view functionality. Authenticated users can...