2032785 matches found
GNUnet P2P Framework 0.26.2
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...
CVE-2026-57588
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...
poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...
CVE-2026-56122
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...
CVE-2026-56054
Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...
CVE-2026-54845
Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...
CVE-2026-57588
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...
CVE-2026-57588 SQL Injection in Nessus via Malicious Scan Result File Import
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...
CVE-2026-56122 Winstone Servlet Engine 0.9.10 Path Traversal via HTTP Request Paths
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...
CVE-2026-56122
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...
CVE-2026-56122 Winstone Servlet Engine 0.9.10 Path Traversal via HTTP Request Paths
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...
EUVD-2026-39397
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...
CVE-2026-56122
Winstone Servlet Engine up to version 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences not sanitized when serving static files from the configured webroot. Attackers can traverse ...
CVE-2026-40209
An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...
CVE-2026-56054
Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...
CVE-2026-56054 WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability
Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...
EUVD-2026-39383
Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...
CVE-2026-56054 WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability
Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...
CVE-2026-56054
CVE-2026-56054 affects the WordPress JS Help Desk plugin (versions <= 3.1.1). The vulnerability allows Arbitrary File Deletion within the plugin, with impact described as high (availability impact) and CVSS 3.1 base score 7.7. The advisory does not provide root cause specifics or remediation s...
CVE-2026-54845
Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...