384 matches found
CVE-2026-60024
The CVE pertains to the Joomla extension Events Booking, where prior versions up to 5.8.0 allow unauthenticated users to upload media assets by default. The affected component is the Events Booking plugin for Joomla (joomdonation.com). The root cause is an insecure default configuration that perm...
CVE-2026-58149
Joomla extension Events Booking (joomdonation.com) is affected by CVE-2026-58149: unauthenticated user enumeration that can reveal usernames and email addresses. Affected versions are
JLSEC-2026-701
In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 wolfSSL 5.8.2 and earlier is...
Podman 1.8.1 < 5.8.4 / 6.0.0 Host Environment Variable Leak (GHSA-4hq8-gpf5-8p68)
The version of Podman installed on the remote host is prior to 5.8.4 / 6.0.0. It is, therefore, affected by an information disclosure vulnerability. - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a...
EUVD-2026-41270
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
GHSA-3PP7-M8F5-89GX vulnerabilities
Vulnerabilities for packages: firefox-esr, firefox...
SUSE CVE-2026-57231
Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk wi...
CVE-2026-57231
CVE-2026-57231 affects Podman versions 1.8.1 through 5.8.4, where a container image with an Env entry having only a key (and using the * wildcard) can cause host environment variables to be leaked into the container at run time. The PTSecurity document confirms the issue is addressed in Podman 5....
CVE-2026-42570
A flaw was found in devalue, a JavaScript library used for serializing values. Due to quirks in some JavaScript engines, the devalue.parse function could be exploited by a remote attacker when deserializing specially crafted sparse arrays. This could lead to excessive memory consumption, resultin...
EulerOS 2.0 SP13 : xz (EulerOS-SA-2026-2319)
According to the versions of the xz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an...
CVE-2026-5529
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...
CVE-2026-39349
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...
SAMSUNG Members 安全漏洞
Samsung Members is a community platform app developed by South Korea’s Samsung Corporation. Versions of Samsung Members prior to 5.8.01.5 contained security vulnerabilities. These vulnerabilities were due to improper input validation, which could allow local attackers to use Samsung Members...
Advisory ROSA-SA-2026-3306
Component: PHP 7.4.33 OS: ROSA-CHROME Affected versions: = php-7.4.33-13 Affected versions: php-7.4.33-13 CVE-ID: CVE-2024-5458 BDU-ID: 2024-04846 CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability in the filtervar function of the PHP interpreter involves insufficient validation of data...
EUVD-2026-30039
protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion...
JLSEC-2026-462
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an Index that contained no Records, the resulting lzmaindex was left in a state where where a subsequent lzmaindexappend would allocate too little...
CLSA-2026-1777306004 wireshark: Fix of CVE-2022-0586
CVE-2022-0586: fix infinite loop in RTMPT dissector rtmptgetamflength...
EUVD-2018-21789
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...
CVE-2018-25261
CVE-2018-25261 concerns Iperius Backup 5.8.1, which contains a local buffer overflow in the structured exception handling (SEH) mechanism. A crafted file path in an external file location field during a backup job can trigger the overflow, enabling code execution with the application’s privileges...
Linux Distros Unpatched Vulnerability : CVE-2026-33414
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in...