CVE-2026-42889

Summary (CVE-2026-42889): Relay Server (used with Obsidian) versions 0.9.0–0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were treated as having full server permissions, all...

Relay Server 安全漏洞

Relay Server is an open-source system by System 3 that supports offline collaborative real-time document synchronization. There were security vulnerabilities in the Relay Server versions 0.9.0 to 0.9.6. These vulnerabilities stemmed from WebSocket endpoints for multiple documents, where WebSocket...

PT-2026-26894

VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte password in the PDF Security encryption fields, causing the...

CVE-2026-2784 Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

EUVD-2026-4250

Cross-Site Request Forgery CSRF vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through = 4.3.1...

EUVD-2026-2340

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox 147 and Firefox ESR 140.7...

EUVD-2026-1901

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may...

CVE-2018-21030

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...

CVE-2023-31141

OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not...

CVE-2022-27654

When a user opens a manipulated Photoshop Document .psd, 2d.x3d received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

EUVD-2026-0503

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2025-198316

The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability...

EUVD-2016-3488

Malware in sbrugna...

EUVD-2021-25668

Malware in sbrugna...

EUVD-2021-17177

Malware in sbrugna...

EUVD-2019-4912

Malware in sbrugna...

EUVD-2018-8458

Malware in sbrugna...

EUVD-2002-0037

Malware in sbrugna...

EUVD-2015-8191

Malware in sbrugna...