557 matches found
CVE-2026-57167
PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...
CVE-2026-57167 PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...
Debian dla-4669 : libapache2-mod-php8.2 - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dla-4669 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/...
CVE-2026-14355
In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...
PT-2026-55875
Name of the Vulnerable Software and Affected Versions PHP version 8.2 Description A failure to establish a TLS handshake the process where a client and server authenticate each other and establish encryption keys with a remote server can lead to a Denial of Service DoS condition. Recommendations ...
PT-2026-55209
Name of the Vulnerable Software and Affected Versions Concourse versions prior to 8.2.3 Description An open redirect issue exists in the login flow. An attacker can craft a URL that redirects users from the Concourse web server to an external site, which could be utilized in phishing attacks to...
CVE-2026-12084
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...
SUSE-SU-2026:22380-1 Security update for loupe
This update for loupe fixes the following issue - CVE-2025-58160: tracing-subscriber: untrusted input containing ANSI escape sequences can lead to terminal manipulation bsc1249009. Changes for loupe: - Update to version 48.2: - Check if the is-hidden property is available before reading it. -...
CVE-2026-57663
CVE-2026-57663 describes a SQL Injection vulnerability in the WordPress plugin Zip Recipes (Recipe Maker For Your Food Blog) versions
Oracle Linux 9 : php:8.2 (ELSA-2026-22143)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-22143 advisory. php 8.2.31-1 - rebase to 8.2.31 php-pecl-apcu 5.1.23-1 - update to 5.1.23 for PHP 8.2 RHEL-14699 php-pecl-rrd 2.0.3-4 - build for PHP 8.1 2070040...
TencentOS Server 3: php:8.2 (TSSA-2026:0547)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0547 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
ALPINE-CVE-2026-56410
xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...
CVE-2026-56403
libexpat before 2.8.2 has an integer overflow in storeAtts...
PT-2026-51241
Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow exists in the getAttributeId function. An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be...
CVE-2026-56131
libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...
CVE-2026-35282
Technical details for CVE-2026-35282 are not publicly provided in the supplied documents. Monitor for updates from Oracle security alerts and CVE records.
CVE-2026-53694
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2...
CVE-2022-42479
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...
CVE-2022-42479 WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...
PT-2026-48633
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...