54248 matches found
HTTP Request Smuggling
Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the request process. An attacker can bypass request boundaries and interfere with HTTP...
CVE-2026-58460
react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...
DEBIAN-CVE-2026-38969
ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...
CVE-2026-38969
ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...
CVE-2026-58460 react-native-receive-sharing-intent Path Traversal via _display_name
react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...
EUVD-2026-41437
react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...
CVE-2026-58460
CVE-2026-58460 affects the React Native package react-native-receive-sharing-intent. A path traversal vulnerability allows a co-resident malicious app to write files outside the intended cache directory by supplying a crafted _display_name with dot-dot path components via a malicious ContentProvi...
CVE-2026-58460
react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...
CVE-2026-58467 Cockpit CMS 2.14.0 - Path Traversal Local File Inclusion via index.php
Cockpit CMS through 2.14.0 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATHINFO derived from REQUESTURI in filesystem path construction without containment checks...
GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download
Summary The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin stored XSS. Impact Lo...
WordPress Ad Inserter – Ad Manager & AdSense Ads plugin <= 2.8.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Post Content Disclosure vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Post Content Disclosure vulnerability discovered by nightward in WordPress Plugin Ad Inserter versions = 2.8.16...
CVE-2026-48743
A flaw was found in Envoy, an open source edge and service proxy. This vulnerability occurs when Envoy translates an HTTP/3 request that is complete at the transport layer but still carries a nonzero Content-Length into an HTTP/1 request for an upstream server. If the upstream server responds...
CVE-2026-50282
Craft CMS contains an authorization issue in AssetsController::actionMoveFolder where calling with force=true to move a folder into a destination with a conflicting name can overwrite and delete the destination folder without destination delete permission. Affected versions are 5.0.0-RC1 and abov...
EUVD-2026-41409
Craft CMS is a content management system CMS. Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitrary id through the newAttributes request parameter. The...
CVE-2026-57763
Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...
CVE-2025-69134
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...
CVE-2026-57763 WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...
CVE-2026-57763
Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...
CVE-2026-57763
CVE-2026-57763 affects the WordPress Structured Content plugin (versions ≤ 1.7.0). The description notes a Contributor Cross Site Scripting (XSS) vulnerability; the provided documents do not specify the exact root cause, impacted file(s), or remediation steps.
CVE-2025-69134
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...