EUVD-2026-38003

Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions...

Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions

Impact Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The quicheconnectioniditernext and quicheconnretiredscidnext functions would return a pointer to a ConnectionId to the applications via function arguments, but the the owned...

CVE-2026-11941

Cloudflare Quiche contains two use-after-free flaws in the FFI path for connection IDs. The issues affect the quiche_connection_id_iter_next and quiche_conn_retired_scid_next functions, where a owned ConnectionId is returned to the application via an argument but is dropped at the end of the func...

CVE-2026-11941 Use-after-free in connection ID iterator and FFI functions

Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quicheconnectioniditernext” and “quicheconnretiredscidnext” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...

EUVD-2026-36462

Netty: QUIC stateless reset token material exposed through header-visible connection IDs...

CVE-2026-50009

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

UBUNTU-CVE-2026-50009

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

PT-2026-48901

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.15.Final Description Netty QUIC exposes the stateless reset token on the network path when utilizing the default HMAC-based connection-ID and stateless-reset-token generators. Specifically, the...

Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from the fact that multiple dataset and data request endpoints are authorized only to project members wi...

CVE-2026-23395

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending FLAGDEFERSETUP which can cau...

Linux Distros Unpatched Vulnerability : CVE-2026-23395

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause...

CVE-2025-14436

The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘userconnectionid’ parameter in all versions up to, and including, 4.0.49 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

Exploit for CVE-2025-14436

CVE-2025-14436 Brevo for WooCommerce - Unauthenticated Sto...

EUVD-2025-206266

The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘userconnectionid’ parameter in all versions up to, and including, 4.0.49 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

VulnCheck KEV: CVE-2025-14436

The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘userconnectionid’ parameter in all versions up to, and including, 4.0.49 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-14436

The CVE-2025-14436 entry concerns the Brevo for WooCommerce WordPress plugin (≤ v4.0.49). It enables unauthenticated Stored XSS via the user_connection_id parameter, due to insufficient input sanitization and output escaping. The vulnerability comprises: vulnerable code in woocommerce-sendinblue....

CVE-2025-14436 Brevo for WooCommerce <= 4.0.49 - Unauthenticated Stored Cross-Site Scripting

The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘userconnectionid’ parameter in all versions up to, and including, 4.0.49 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

PT-2026-1742

Name of the Vulnerable Software and Affected Versions Brevo for WooCommerce versions up to and including 4.0.49 Description The Brevo for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the user connection id parameter. Insufficient input sanitization and...