25961 matches found
GTranslate < 2.8.65 - Cross-Site Scripting
In the Pro and Enterprise versions of GTranslate 2.8.65, the gtranslaterequesturivar function runs at the top of all pages and echoes out the contents of $SERVER'REQUESTURI'. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable ...
Security Bulletin: IBM Quantum Safe Explorer is affected by multiple vulnerabilites
Summary The vulnerabilities were found in dependent open source libraries used within IBM Quantum Safe Explorer code base. These issues have been addressed by updating the versions of affected libraries. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client...
CVE-2026-49119
Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...
CVE-2026-49119
Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...
CVE-2026-49119 Gradio < 6.16.0 Path Traversal via FileExplorer.preprocess()
Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...
CVE-2026-49119 Gradio < 6.16.0 Path Traversal via FileExplorer.preprocess()
Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...
PT-2026-54771
Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.16.0 Description A path traversal issue exists in the preprocess function of the FileExplorer component. Unauthenticated attackers can escape the configured root directory by providing path segments that include...
GO-2026-5662 Prometheus has Stored XSS via metric names and label values in Prometheus web UI in github.com/prometheus/prometheus
Prometheus has Stored XSS via metric names and label values in Prometheus web UI in github.com/prometheus/prometheus...
Security Bulletin: Use of Aspera products with Windows XP/IE 8
Question Security Bulletin: Use of Aspera products with Windows XP/IE 8 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line...
MAL-2026-5568 Malicious code in forge-jsx2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ce40276c3c58337b7db3272f89e0716b017b4d63bfa625b8757b9d1969ec9f9 The package masquerades as an 'Autodesk Forge' integration but ships no Forge API code. On npm install, scripts/postinstall-agent.mjs materializes a...
KB5094006: Cumulative security update for Internet Explorer: June 9, 2026
None None...
CVE-2026-9264
A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...
CVE-2026-8148
NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks...
CVE-2026-42316
kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer Kusto. Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping...
CVE-2026-10584
Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...
CVE-2022-49042
An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors...
EUVD-2022-55997
An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors...
CVE-2022-49042
An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors...
CVE-2022-49042
CVE-2022-49042 affects Synology Hyper Backup Explorer (MinGW DLL component). The vulnerability arises from inclusion of functionality from an untrusted control sphere, enabling local arbitrary code execution via unspecified vectors in versions before 3.0.1-0156. The CVSSv3.1 vector is Local attac...
Synology Hyper Backup Explorer 安全漏洞
Synology Hyper Backup Explorer is a backup file viewing tool developed by Synology, a Chinese company, for browsing, retrieving, and restoring backup version data. Versions of Synology Hyper Backup Explorer prior to 3.0.1-0156 contained security vulnerabilities. These vulnerabilities stemmed from...