Information Exposure

Element Call is vulnerable to Information Exposure. The vulnerability is due to analytics data including full page URLs and URL fragments being sent to a configured PostHog server, which allows an attacker with access to the analytics data to obtain sensitive information such as call encryption...

GHSA-6VHH-4XW6-H2H2 Element Call reports full URLs of visited pages to analytics server

Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initialpersoninfo, $sessionentryurl, and $currenturl were found ...

Element Call reports full URLs of visited pages to analytics server

Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initialpersoninfo, $sessionentryurl, and $currenturl were found ...

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

CVE-2026-8879

CVE-2026-8879 affects Securly Chrome Extension v3.0.7. The vulnerability stems from dynamically registering content13.min.js as a content script at runtime via chrome.scripting.registerContentScripts(), a script not declared in manifest.json that bypasses the Chrome Web Store static security revi...

CVE-2026-8879 CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

EUVD-2026-34165

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie...

Imperva Customers Protected Against CVE-2026-45247 in Mirasvit Full Page Cache Warmer for Magento

TL;DR: CVE-2026-45247 is a critical unauthenticated remote code execution RCE vulnerability affecting Mirasvit Full Page Cache Warmer for Magento 2. The flaw stems from unsafe PHP deserialization of attacker-controlled data supplied through the CacheWarmer cookie. Successful exploitation can allo...

CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

PT-2026-43258

Name of the Vulnerable Software and Affected Versions Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12 Description A PHP object injection issue exists due to the unrestricted use of the native unserialize function. Unauthenticated attackers can achieve remote code execution...

GHSA-CCFX-MFMX-2FX9 Mistune Image Directive CSS Injection Vulnerability

Summary The Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". This pattern is applied via re.match which anchors only at the start of the string, not the end. Any value that begins with one or more digits passes validation,...

Mistune Image Directive CSS Injection Vulnerability

Summary The Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". This pattern is applied via re.match which anchors only at the start of the string, not the end. Any value that begins with one or more digits passes validation,...

SUSE CVE-2026-31616

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fphonet: fix skb frags overflow in pnrxcomplete A broken/bored/mean USB host can overflow the skbsharedinfo-frags array on a Linux gadget exposing a Phonet function by sending an unbounded sequence of full-page OUT...

CVE-2026-31616

A flaw was found in the Linux kernel's USB gadget Phonet function. A remote attacker, acting as a malicious USB host, could exploit this vulnerability by sending a continuous stream of full-page data transfers. This action causes an overflow in the kernel's internal data structures, leading to...

CVE-2021-27043

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application...

EUVD-2021-13814

Malware in sbrugna...

EUVD-2022-4823

Malicious code in bioql PyPI...

net: libwx: remove duplicate page_pool_put_full_page()

...

Linux Distros Unpatched Vulnerability : CVE-2024-24815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module i...