73 matches found
EUVD-2026-42261
Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...
DEBIAN-CVE-2026-12143
form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...
CVE-2026-45090
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...
UBUNTU-CVE-2026-46081
In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acompsavereq acompsavereq stores &req-chain in req-base.data. When acompreqchaindone is invoked on asynchronous completion, it receives &req-chain as the data argument but casts it...
BIT-GDAL-2026-8087 OSGeo gdal GDapi.c GDnentries heap-based overflow
A security flaw has been discovered in OSGeo gdal up to 3.13.0. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploi...
SUSE CVE-2026-8087
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...
GHSA-H9RH-5FFH-H669 OSGeo GDAL vulnerable to heap-based buffer overflow
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the GDnentries function. An attacker can execute arbitrary code or cause a denial of service by providing a specially crafted DataFieldName argument. Remediation Upgrade gdal to version 3.12.4 or higher...
CVE-2026-8087
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...
PYSEC-2026-2155
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...
DEBIAN-CVE-2026-8087
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...
CVE-2026-8087 OSGeo gdal GDapi.c GDnentries heap-based overflow
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...
GDAL 缓冲区错误漏洞
GDAL is an open-source geospatial data abstraction library developed by GDAL. Versions of GDAL 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from the operation of the parameter DataFieldName in the function GDnentries within the file...
CVE-2026-6127 Elementor Website Builder <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...
CVE-2026-6127
The Elementor Website Builder WordPress plugin (versions ≤ 4.0.4) is affected by a Stored Cross-Site Scripting (XSS) via the _elementor_data meta field. Root cause: insufficient input sanitization when handling form-encoded REST API requests; sanitize_callback missing for show_in_rest field, and ...
CVE-2026-33657
CVE-2026-33657 affects EspoCRM up to version 9.3.3, where an stored HTML injection vulnerability allows an authenticated user with standard privileges to inject HTML into system-generated email notifications. Root cause: server-side Handlebars templates render the unescaped post field (triple-bra...
CRLF Injection
Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to CRLF Injection via unsanitized carriage return characters in the data and comment fields of the EventStream class. An attacker can inject arbitrary server-sent...
CRLF Injection
Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to CRLF Injection via unsanitized carriage return characters in the data and comment fields of the EventStream class. An attacker can inject arbitra...
GHSA-4HXC-9384-M385 h3: SSE Event Injection via Unsanitized Carriage Return (`\r`) in EventStream Data and Comment Fields (Bypass of CVE Fix)
Summary The EventStream class in h3 fails to sanitize carriage return \r characters in data and comment fields. Per the SSE specification, \r is a valid line terminator, so browsers interpret injected \r as line breaks. This allows an attacker to inject arbitrary SSE events, spoof event types, an...
h3: SSE Event Injection via Unsanitized Carriage Return (`\r`) in EventStream Data and Comment Fields (Bypass of CVE Fix)
Summary The EventStream class in h3 fails to sanitize carriage return \r characters in data and comment fields. Per the SSE specification, \r is a valid line terminator, so browsers interpret injected \r as line breaks. This allows an attacker to inject arbitrary SSE events, spoof event types, an...