13 matches found
CVE-2026-7459
The CVE concerns the Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress (
GHSA-PJWM-PJ3P-43MV axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
Summary shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe still routes through the...
CVE-2025-46696
Dell Secure Connect Gateway SCG 5.0 Appliance and Application, versions versions 5.26 to 5.30, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2025-46696
Dell Secure Connect Gateway SCG 5.0 Appliance and Application, versions versions 5.26 to 5.30, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2025-46696
Dell Secure Connect Gateway SCG 5.0 Appliance and Application, versions versions 5.26 to 5.30, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2025-11517
CVE-2025-11517 affects the WordPress plugin “Event Tickets and Registration” (
Baicells EG7035E-M11 跨站脚本漏洞
The Baicells EG7035E-M11 is an LTE base station from Baicells. A cross-site scripting vulnerability exists in the Baicells EG7035E-M11 BaiCEBM2.5.26NA version, which stems from improper input neutralization could lead to a cross-site scripting attack...
DEBIAN-CVE-2023-45143
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...
Western Digital My Cloud 操作系统命令注入漏洞
Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in Western Digital My Cloud OS 5 prior to version 5.26.119, which stems from an operating system command injection vulnerability that can be exploited by an attacker to remotely execu...
SUSE CVE-2018-6797
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written...
CVE-2019-20660
Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30...
CVE-2018-18748
Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system"cmd" or os.system"powershell", within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality...
UBUNTU-CVE-2018-6798
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure...