Vendure Core - SQL Injection
Vendure, an open-source headless commerce platform built on Node.js/TypeScript, contains a critical SQL injection vulnerability in its Shop API. The languageCode query parameter is interpolated directly into a raw SQL CASE expression in ProductService.findOneBySlug without parameterization or inp...
AntD Admin - Sensitive Information Disclosure
Antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of sensitive information such as user...
WordPress AI ChatBot (WPBot) <= 4.8.9 - SQL Injection
The ChatBot plugin for WordPress up to 4.8.9 contains a SQL injection caused by insufficient escaping and lack of preparation on the $strid parameter, letting unauthenticated attackers extract sensitive data; exploitation requires no authentication. id: CVE-2023-5204 info: name: WordPress AI ChatBot WPBot ...
CVE-2026-57877
Geovision GV-LPC2011/LPC2211 devices running vlsvr (affected firmware V1.12 and earlier) expose an unauthenticated format-string vulnerability in log message handling during login. The issue arises from improper handling of externally controlled input in the login processing path, potentially all...
CVE-2026-53160
A flaw was found in the Linux kernel's fastrpc component. A race condition in the fastrpc_map_create function allows for a use-after-free vulnerability. This could enable an attacker to cause system instability, disclose sensitive information, or potentially execute unauthorized code...
CVE-2026-48793
Jellyfin is an open source self-hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal (SubtitleEncoder.cs, line 382) interpolates the subtitle file path into FFmpeg...
CVE-2026-13164
Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...
CVE-2026-44173
A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...
CVE-2026-56411
A flaw was found in libexpat, a software library used for parsing XML (Extensible Markup Language) documents. An attacker could exploit an integer overflow vulnerability in the xmlwf utility by crafting malicious NOTATION declarations. This could lead to the disclosure of sensitive information or...
CVE-2025-2669
CVE-2025-2669 affects IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data (versions 4.8, 5.0, 5.1, 5.2, 5.3). The root cause is improper token validation, enabling a privileged user to perform operations and access sensitive information outside their authority. The available sou...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nf_conntrack_h323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...
CVE-2026-56378
ImageMagick before 7.1.2-15 and 6.x before 6.9.13-40 contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byte...
Linux Distros Unpatched Vulnerability : CVE-2026-56210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding)...
CVE-2026-50519
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A flaw was discovered in the Netfilter subsystem of the Linux kernel. The sctp_mt_check function did not validate the flag_count field properly. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, resulting in a system crash or the disclosure of sensitive...
Astra Linux – Vulnerability in Intel Microcode
The exposure of sensitive information due to shared microarchitectural predictor states, which affect transient execution in the indirect branch predictors of certain Intel processors, may allow an authenticated user to potentially disclose information through local access...
Astra Linux – Vulnerability in Intel Microcode
Observable discrepancies in the RAPL interface of certain Intel processors may allow a privileged user to potentially enable information disclosure through local access...
Astra Linux – Vulnerability in WebKit2GTK
A logic issue has been addressed through improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1, and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information...
Astra Linux – Vulnerability in WebKit2GTK
A cookie management issue has been resolved through improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information...
EUVD-2026-37962
PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...