510 matches found
CVE-2026-8797
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...
Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by insufficient verification of data authenticity in PyJWT
Summary IBM Cloud Pak for Data System CPDS 1.0 uses the PyJWT library, a JSON Web Token implementation in Python. CVE-2026-32597 affects PyJWT's validation of the crit Critical Header Parameter as defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT do...
ROS-20260605-73-0026
The vulnerability in Tomcat10 is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
PT-2026-44493
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper neutralization of input during web page generation allows for stored HTML injection. A user with write access to an Elasticsearch index can persist crafted markup that is not...
Summarize 安全漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from an issue with authorization deficiencies, which could allow attackers to execute browser automation operatio...
Vinyl/Varnish -- HTTP/2 parsing deficiency
Vinyl Development Team reports: A deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass or possibly even information disclosure and manipulation...
ROS-20260505-73-0056
Vulnerability in python3.10 related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
CVE-2026-7586 Open5GS AMF nudm-handler.c ogs_id_get_value denial of service
A weakness has been identified in Open5GS up to 2.7.7. Affected is the function ogsidgetvalue of the file /src/amf/nudm-handler.c of the component AMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. The exploit has been made available to the public and...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
WordPress plugin VI: Include Post By 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-66487
IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service...
GO-2026-4704 IncusOS has a LUKS encryption bypass due to insufficient TPM policy in github.com/lxc/incus-os/incus-osd
IncusOS has a LUKS encryption bypass due to insufficient TPM policy in github.com/lxc/incus-os/incus-osd...
BIT-PYTHON-2026-3479 pkgutil.get_data() does not enforce documented restrictions
pkgutil.getdata did not validate the resource argument as documented, allowing path traversals...
PT-2026-31533
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description Improper input validation within the WebML component in Google Chrome could lead to an out-of-bounds memory write. This issue was discovered in versions of Google Chrome before...
CVE-2026-32622 SQLBot: Remote Code Execution via Terminology Poisoning
SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...
WordPress Plugin Avada Core Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Avada Core, which stems fro...
HCL AION SQL Injection Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to steal sensitive database data by injecting a...
CVE-2025-52644
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes...
PT-2026-25749
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes...
CVE-2026-20882 Mobiliti e-mobi.hu Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...