305 matches found
PT-2026-6010
Name of the Vulnerable Software and Affected Versions Autodesk 3ds Max affected versions not specified Description A specially designed GIF file, when processed by Autodesk 3ds Max, can lead to an Out-of-Bounds Write condition. Successful exploitation of this issue could allow a malicious actor t...
Exploit for CVE-2026-24841
No d...
EUVD-2026-4873
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters notably = as “special” when escaping arguments on Windows. When PHP i...
SUSE CVE-2026-22258
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB...
CVE-2026-24783 soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives
soroban-fixed-point-math is a fixed-point math library for Soroban smart contacts. In versions 1.3.0 and 1.4.0, the mulDivx, y, z function incorrectly handled cases where both the intermediate product $x y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb/server: Avoid deadlock when linking with “ReplaceIfExists”. If the smb2createlink function is called with “ReplaceIfExists” set, and the file name actually exists, a deadlock will occur. The function ksmbdvfskernpathlocked wi...
CVE-2025-15403
CVE-2025-15403 affects the RegistrationMagic WordPress plugin (versions
PT-2026-3341
Name of the Vulnerable Software and Affected Versions RegistrationMagic versions prior to 6.0.7.1 Description The RegistrationMagic plugin for WordPress is susceptible to a privilege escalation issue. The add menu function is accessible through the rm user exists AJAX action, allowing manipulatio...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001276)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001276 advisory. drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service NULL pointer dereference and system crash or possibly hav...
EUVD-2026-2439
A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...
CVE-2024-34515
image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to fileexists...
Linux Distros Unpatched Vulnerability : CVE-2023-54249
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bus: mhi: ep: Only send -ENOTCONN status if client driver is available For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if...
CVE-2025-15067
Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed ex: innorix/exam...
CVE-2025-15066
CVE-2025-15066 affects Innorix WP with a path traversal flaw due to improper pathname restriction in the installation directory (exam directory). All versions are implicated if innorix/exam exists; can lead to arbitrary file download. Exploitation details are not provided beyond the description; ...
OPENSUSE-SU-2025:20161-1 Security update for chromium
This update for chromium fixes the following issues: - Chromium 143.0.7499.109 boo1254776: CVE-2025-14372: Use after free in Password Manager CVE-2025-14373: Inappropriate implementation in Toolbar third issue with an exploit is known to exist in the wild...
CVE-2025-13663 Quartus Prime Pro Edition Installer Advisory
Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...
CVE-2025-13575
A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function categoryexists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection. The attack may be performed from...
CVE-2025-13575
A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function categoryexists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection. The attack may be performed from...
CVE-2025-13575 code-projects Blog Site Category blog.php category_exists sql injection
A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function categoryexists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection. The attack may be performed from...
CVE-2025-13575 code-projects Blog Site Category blog.php category_exists sql injection
A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function categoryexists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection. The attack may be performed from...