8820 matches found
CVE-2025-22424
CVE-2025-22424 is described across multiple sources as an Android vulnerability arising from improper input validation that can cause images to be revealed across users, enabling local privilege escalation with no extra execution privileges. The NVD entry assigns a CVSS v3.1 base score of 7.8 (Hi...
CVE-2026-44740
Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...
EUVD-2026-33663
Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...
CVE-2026-48190
An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from improper input validation in multiple functions within DevicePolicyManagerService.java. These vulnerabilities may lead to local...
MediaTek Chipsets 安全漏洞
MediaTek Chipsets are a series of chips developed by MediaTek Corporation in China. The MediaTek Chipsets contain security vulnerabilities. These vulnerabilities stem from insufficient boundary checking in the geniezone component, leading to out-of-bound writes. This can result in an increase in...
PT-2026-45611
Name of the Vulnerable Software and Affected Versions DevicePolicyManagerService.java affected versions not specified Description Improper input validation in multiple functions of DevicePolicyManagerService.java can cause a desync from persistence. This issue may lead to a local denial of servic...
OTRS 安全漏洞
OTRS is a service management solution developed by the German company OTRS. Vulnerabilities exist in OTRS versions 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X up to version 2026.4.X, as well as in the Community Edition 6.0.x version. These vulnerabilities stem from improper input validation ...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 151.2 contained security vulnerabilities. These vulnerabilities stemmed from Reader View incorrectly escaping HTML tags in JSON-LD metadata. This could allo...
Project Management 授权问题漏洞
Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from improper authorization i...
ASB-A-414389102
In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
IBM WebSphere Application Server(WAS) 代码问题漏洞
IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and managing Java EE applications. There are security vulnerabilities in IBM WebSphere Application Server. These vulnerabilities stem from the SAML Web Single Sign-On component, which fai...
OPENSUSE-SU-2026:20852-1 Security update for roundcubemail
This update for roundcubemail fixes the following issues: Changes in roundcubemail: - update to 1.6.16 + Fix potential too long value in IMAP ID command 10136 + Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog CVE-2026-48849 bsc1266337 + Security: Fix CSS...
RLSA-2026:21745 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr...
CVE-2026-47744
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...
CVE-2026-47744
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...
CVE-2026-47744
CVE-2026-47744 affects Shopper: a Headless e-commerce Admin Panel. Two authorization flaws in Settings/Team enable RBAC takeover prior to version 2.8.0. First, Settings/Team/Index had no mount() authorization, allowing any authenticated panel user to load the page and perform public actions to cr...
Free-Riding in the AI Economy: Demystifying Logic Flaws in X402-Enabled Payment Systems
The agentic economy demands programmatic financial rails, positioning the x402 protocol as the de facto standard for machine-to-machine payments. However, bridging synchronous HTTP requests with asynchronous blockchain finality introduces profound state synchronization challenges. In this work, w...
SillyTavern 安全漏洞
SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of cookie-session for authentication. The password update endpoint only updated the password...
PT-2026-44944
Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Two authorization defects in the team settings allow an authenticated user to compromise the Role-Based Access Control RBAC system. The endpoint "Settings/Team/Index" lacks mount authorization,...