58 matches found
CVE-2026-14793
A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...
EUVD-2026-25593
Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes / readString, the setBitPosition bounds check receives the overflowed value and is completely bypassed. The code then reads len bytes 512 MB fr...
CVE-2026-33769 Astro: Remote allowlist bypass via unanchored matchPathname wildcard
Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...
BIT-POSTGRESQL-2026-2007 PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...
UBUNTU-CVE-2026-2007
Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...
CVE-2026-2007 PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...
CVE-2026-2007
CVE-2026-2007 affects PostgreSQL 18.0 and 18.1 due to a heap buffer overflow in the pg_trgm component, where crafted input strings can write patterns into server memory. The attacker’s control over the byte patterns is limited, and the document notes unknown impacts, with a potential for privileg...
CVE-2024-54556
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen...
CVE-2024-44238
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to corrupt coprocessor memory...
CVE-2024-54556
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen...
CVE-2024-54556
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen...
CVE-2024-54556
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen...
CVE-2024-44238
CVE-2024-44238 is tied to Apple iOS/iPadOS and is described as an issue where an app may be able to corrupt coprocessor memory. The connected sources identify the root cause as bounds-check related and state that the vulnerability is fixed in iOS 18.1 and iPadOS 18.1, with remediation described a...
CVE-2024-44238
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to corrupt coprocessor memory...
CVE-2024-44238
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to corrupt coprocessor memory...
PT-2026-3263
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen...
PT-2026-3262
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to corrupt coprocessor memory...
Apple iOS and Apple iPadOS security vulnerabilities
Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Versions of Apple iOS prior to 18.1 and iPadOS prior to 18.1 contained security vulnerabilities. These...
EUVD-2025-24593
Malicious code in bioql PyPI...
CVE-2025-60094 WordPress Stackable Plugin <= 3.18.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stackable: from n/a through = 3.18.1...