14 matches found
CVE-2026-55792
Craft CMS is vulnerable in versions 4.0.0-RC1 through 4.17.x and 5.0.0-RC1 through 5.9.x due to dataUrl() being in the Twig sandbox allowlist. A control panel user with the utility:system-messages permission can embed a file-reading payload in system emails, causing the server to read targeted fi...
Security Bulletin: Vulnerability in Lodash affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Lodash has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...
EUVD-2026-17610
lodash vulnerable to Code Injection via .template imports key names...
CVE-2026-2950
Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...
CVE-2026-25747
Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002539)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002539 advisory. arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks...
MiracleLinux 8 : kernel-4.18.0-553.37.1.el8_10 (AXSA:2025-9659:11)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9659:11 advisory. kernel: scsi: core: Fix unremoved procfs host directory regression CVE-2024-26935 kernel: arm64/sve: Discard stale CPU state when handling SVE traps...
MiracleLinux 8 : kernel-4.18.0-553.66.1.el8_10 (AXSA:2025-10755:54)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10755:54 advisory. kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove CVE-2025-21928 kernel: memstick: rtsxusbms: Fix slab-use-after-free in...
WordPress CiyaShop theme <= 4.18.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme CiyaShop versions = 4.18.0...
CVE-2022-37402
Stored Cross-site Scripting XSS vulnerability in AFS Analytics plugin = 4.18 versions...
SUSE CVE-2019-3819
A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user "root" can cause a system lock up and a denial of service. Versions from v4.18 and newe...
CKEditor 跨站脚本漏洞
CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor 4 versions prior to 4.18.0, which stems from a vulnerability discovered in the core HTML processing module that affects all plugins used in CKEditor4 versions prior to 4.18.0. The...
AZL-6520 CVE-2019-3819 affecting package kernel for versions less than 5.10.78.1-1
A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user "root" can cause a system lock up and a denial of service. Versions from v4.18 and newe...
DEBIAN-CVE-2019-3819
A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user "root" can cause a system lock up and a denial of service. Versions from v4.18 and newe...