CVE-2026-4336 Ultimate FAQ Accordion Plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

Embedded Malicious Code

Overview @velora-dex/sdk is a SDK for the Velora API Affected versions of this package are vulnerable to Embedded Malicious Code that delivers a malicious payload through dist/index.js. An attacker uploaded a compromised version of the package directly to the npm registry. The payload runs a...

CVE-2026-0049

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0049

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-34786

Vulnerability summary: CVE-2026-34786 affects Rack’s static file serving. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules compares header_rules against the raw URL-encoded PATH_INFO while the file path is decoded for serving. This can allow a URL-encoded path variant to...

Rack 安全漏洞

Rack is a modular Ruby web server interface developed by Rack authors. Vulnerabilities exist in versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6. These vulnerabilities stem from Rack::Staticapplicablerules’ evaluation of header rules for PATHINFO when the original URL is encoded. The underlyin...

CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

UBUNTU-CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

OpenEXR 安全漏洞

OpenEXR is an open standard for high dynamic range image HDR file format, open-sourced by the Academy Software Foundation. Versions of OpenEXR from 3.4.0 to 3.4.8 contained security vulnerabilities, where sensitive information in the heap memory could be leaked through decoded pixel data...

PT-2026-29620

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.4.0 through 3.4.7 Description OpenEXR, an image storage format used in the motion picture industry, may disclose sensitive information from heap memory through decoded pixel data. This information disclosure occurs when...

PT-2026-30698

Name of the Vulnerable Software and Affected Versions Apache HTTP Server affected versions not specified Description A persistent denial of service can occur due to resource exhaustion in the LocalImageResolver.java component. This could lead to a local denial of service without requiring...

JustHTML has a Sanitizer Bypass (in Markdown)

Summary tomarkdown does not sufficiently escape text content that looks like HTML. As a result, untrusted input that is safe in tohtml can become raw HTML in Markdown output. This is not specific to tokenizer raw-text states like , , or , although those states can trigger the behavior. The root...

CVE-2026-30238

CVE-2026-30238 affects Group-Office. A reflected XSS in the external/index flow arises from the f parameter (Base64 JSON) being decoded and injected into an inline JavaScript block without strict escaping, enabling arbitrary JavaScript execution in the victim’s browser. Affected versions are prio...

ASB-A-444671303

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-6863

Vulnerability Description In the endpoint: /username/reponame/settings/hooks/git/:name the :name parameter: Is URL-decoded by macaron routing, allowing decoded slashes / Is then passed directly to: go git.Repository.Hook"custom hooks", name which internally resolves the path as: go...

CVE-2026-22027

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the converthexstringtobytearray function in th...

CVE-2022-0150

The WP Accessibility Helper WAH WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue...

CVE-2025-64702

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...