68 matches found
CVE-2026-42458
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...
CVE-2026-35397
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...
EUVD-2026-17610
lodash vulnerable to Code Injection via .template imports key names...
CLEANSTART-2026-KK98885 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-9h8m-3fm2-qjrq applied in versions: 2.18.0-r0
Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...
BIT-POSTGRESQL-2026-2007 PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...
UBUNTU-CVE-2026-2007
Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...
CVE-2026-2007 PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...
CVE-2026-2007
CVE-2026-2007 affects PostgreSQL 18.0 and 18.1 due to a heap buffer overflow in the pg_trgm component, where crafted input strings can write patterns into server memory. The attacker’s control over the byte patterns is limited, and the document notes unknown impacts, with a potential for privileg...
2026-02 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5075904)
2026-02 Cumulative Update for Windows 10 Version 1809 for x86-based Systems KB5075904...
📄 AVideo 18.0 Cross Site Scripting
AVideo version 18.0 suffers from a cross site scripting vulnerability. ============================================================================================================================================= | Title : AVideo 18.0 XSS vulnerability | | Author : indoushka | | Tested on : windo...
CVE-2026-22036 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...
PT-2026-6116
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0 10 Description The Linux kernel contains a flaw within the virtio net subsystem. Specifically, an inconsistency exists in how memory is allocated and freed for the RSS header. The initial allocation uses...
PT-2026-2950
Name of the Vulnerable Software and Affected Versions Undici versions prior to 7.18.0 Undici versions prior to 6.23.0 Description Undici is an HTTP/1.1 client for Node.js. A malicious server can insert thousands of compression steps due to an unbounded number of links in the decompression chain a...
WordPress Hummingbird plugin <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File vulnerability
Unauthenticated Sensitive Information Exposure via Log File vulnerability discovered by ISMAILSHADOW in WordPress Plugin Hummingbird versions = 3.18.0...
EUVD-2025-204263
The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...
CVE-2025-66430
Plesk 18.0 has Incorrect Access Control...
CVE-2025-66567 ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...
2025-10 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5066586)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
Exploit for Improper Input Validation in Microsoft
MSMQ Vulnerability Proof of Concept This repository contains...