110 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-54911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a...
CVE-2026-54911 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...
CVE-2026-54911
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...
EUVD-2026-36196
Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13...
CVE-2026-3870
Zyxel VMG4005-B50B firmware versions up to 5.13(ABRL.5.4)C0 contain a buffer overflow in the UPnP AddPortMapping() command. This vulnerability could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the device. The available documen...
Astra Linux – Vulnerability in Linux
A use-after-free occurred in the function hcisockboundioctl of the Linux kernel’s HCI subsystem. This issue arises when the user calls ioct HCIUNBLOCKADDR, or when the call to hciunregisterdev triggers a race condition, along with the calls hcisockblacklistadd, hcisockblacklistdel, hcigetconninfo...
CVE-2026-6008
CVE-2026-6008 describes an authorization bypass/IDOR in DijiDemi (Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co.). Affected versions are v4.5.12.1 before v4.5.13.0. Root cause: user‑controlled key enables privilege escalation. Impact includes hi...
EUVD-2026-20229
Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through = 5.13...
CVE-2026-39588
Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through = 5.13...
CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33742
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33628 Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...
Invoice Ninja 跨站脚本漏洞
Invoice Ninja is an open-source application developed by Invoice Ninja, featuring functions for invoices, quotes, projects, and time tracking. Version 5.13.0 of Invoice Ninja contains a cross-site scripting vulnerability. This vulnerability stems from the product notes field allowing raw HTML to ...
Invoice Ninja 安全漏洞
Invoice Ninja is an open-source application developed by Invoice Ninja, featuring features for invoices, quotes, projects, and time tracking. Version 5.13.0 of Invoice Ninja contains a security vulnerability. This vulnerability stems from the project description field bypassing the XSS rejection...
CVE-2025-70237
CVE-2025-70237 affects D-Link DIR-513 (v1.10). The issue is a stack buffer overflow in the handling of the curTime parameter passed to goform/formSetPortTr, allowing potential control-flow disruption. Multiple sources describe this vulnerability as enabling arbitrary code execution or a denial of...
MAL-2026-1054 Malicious code in iosysredis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40ebc0b0ce3b008449dfcb8149458898f7bbbffbac1a58a1ac3f5e002585b45c The package iosysredis was found to contain malicious code. Source: ghsa-malware 0d8b923c8adb27e2f28e5804af5428885fe3b1399d1cead59dd5a505e3c6f586 Any...
CVE-2026-27574
OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm module explicitly documented as not a security mechanism to execute user-supplied code, allowing trivial sandbox escape via a well-known...
CVE-2026-25615
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...
CVE-2026-25616
Blesta CVE-2026-25616 affects Blesta versions 3.x through 5.x before 5.13.3 due to mishandling of input validation (CORE-5665). Multiple sources (Red Hat, CVE listing, PacketStorm) indicate impacts include input handling defects that enable cross-site scripting in certain endpoints, with the cano...
PT-2026-6331
Name of the Vulnerable Software and Affected Versions Blesta versions 3.x through 5.x before 5.13.3 Description The software contains a flaw that allows for object injection. This issue is also known as CORE-5680. Recommendations Update to version 5.13.3 or later...