76 matches found
EUVD-2026-40297
Rancher has over-inclusive team membership expansion in GitHub App authentication provider...
CVE-2026-34900
Unauthenticated Cross Site Scripting XSS in GiveWP = 4.14.2 versions...
PT-2026-41682
Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces...
BIT-JRE-2026-23865
An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...
RHCOS 4 : OpenShift Container Platform 4.14.2 (RHSA-2023:6839)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6839 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 - HTTP/2: Multiple HTTP/...
GHSA-537J-GQPC-P7FQ n8n Vulnerable to XSS via MCP OAuth client
Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute...
CVE-2026-39485 WordPress Youtube Embed Plus plugin <= 14.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through = 14.2.4...
BIT-CEPH-2020-1699
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph...
Apple多款产品 安全漏洞
Apple Safari, among others, are products of the American company Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad...
CVE-2026-23865
An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...
CVE-2020-10010
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges...
Teamcenter Visualization WRL File Parsing Vulnerabilities
Siemens Teamcenter Visualization contains multiple file-parsing vulnerabilities in its WRL-file reader that affect versions V14.2, V14.3, V2312, and V2406. If a user opens a specially crafted malicious WRL file, the application may crash or allow arbitrary code execution in the context of the...
Teamcenter Visualization SSO login service Vulnerability
Teamcenter contains an open-redirect vulnerability in its SSO login service affecting Teamcenter V14.1, V14.2, V14.3, V2312, V2406, and V2412; the SSO accepts user-controlled input that can point to external URLs, allowing an attacker to craft a link that redirects a legitimate user to a maliciou...
Astro 安全漏洞
Astro is an Astro open source web framework for content-driven websites. A security vulnerability exists in Astro versions prior to 5.14.2, which stems from an unvalidated X-Forwarded-Host header and could lead to malicious redirection and credential disclosure...
Security Vulnerabilities fixed in Thunderbird 140.3 — Mozilla
Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
VulnCheck KEV: CVE-2022-28365
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostnames, system architecture, and...
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
...
CVE-2021-22257
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user...
CVE-2025-3942
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...
CVE-2025-26788
creationtimestamp| type| source ---|---|--- 2025-02-14 07:43:30+00:00| seen| https://infosec.exchange/users/cve/statuses/114001117806184646 2025-02-14 08:15:55+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li4r6djxlw2g 2025-02-14 08:48:27+00:00| seen|...