DEBIAN-CVE-2026-6681

The PKCS7 decode path ignores the caller-supplied output buffer size outputSz, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release...

CVE-2026-6681

The PKCS7 decode path ignores the caller-supplied output buffer size outputSz, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release...

CVE-2026-6681 PKCS#7 decode ignores caller output buffer size, writing past buffer bounds

The PKCS7 decode path ignores the caller-supplied output buffer size outputSz, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release...

EUVD-2026-39556

The PKCS7 decode path ignores the caller-supplied output buffer size outputSz, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release...

PT-2026-52605

Name of the Vulnerable Software and Affected Versions wolfSSL version 5.9.0 Description The functions wc Blake2bHmacFinal and wc Blake2sHmacFinal discard the message when the key length exceeds the block size. This occurs because the key-hashing branch reinitializes the running hash state, which...

EUVD-2026-36968

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

EUVD-2026-36936

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...

CVE-2026-39472

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...

CVE-2026-39472

The CVE-2026-39472 affects the WordPress WooCommerce PDF Invoices & Packing Slips plugin prior to version 5.9.0, where a PHP Object Injection vulnerability was reported affecting shop manager operations. The root cause is a PHP Object Injection flaw in this plugin version, with CVSS 3.1 base metr...

PT-2026-49403

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

PT-2026-49378

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...

Linux Distros Unpatched Vulnerability : CVE-2026-44740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed...

CVE-2026-44973

Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths e.g., using .. to escape intended base directories. While go-billy was...

CVE-2026-25317 WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through = 5.9.0...

Allocation of Resources Without Limits or Throttling

Overview cbor2 is a CBOR deserializer with extensive tag support Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the decoding of CBOR payloads. An attacker can cause the application to crash by submitting deeply nested input that trigger...

CVE-2026-26209 cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

CVE-2026-26209

The CVE-2026-26209 issue affects the Python library cbor2 (including the C extension _cbor2) prior to version 5.9.0. The root cause is uncontrolled recursion when decoding deeply nested CBOR structures, as the C extension relies on Python’s Py_EnterRecursiveCall rather than a data-driven depth li...

CVE-2026-26209 cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

EUVD-2026-13135

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 wolfSSL 5.8.2 and earlier is...

WordPress plugin WPJobBoard SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A SQL injecti...