Unity Linux 20.1060e / 20.1070e Security Update: aspell (UTSA-2026-017553)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017553 advisory. libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. Tenable has...
EUVD-2026-9395
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraph_accel_api AJAX action with fn=GetData. This is due to the OnAdminApi_GetData function not performing any capability checks. This makes it...
CVE-2026-3058
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraph_accel_api AJAX action with fn=GetData. This is due to the OnAdminApi_GetData function not performing any capability checks. This makes it...
CVE-2026-3058 Seraphinite Accelerator <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraph_accel_api AJAX action with fn=GetData. This is due to the OnAdminApi_GetData function not performing any capability checks. This makes it...
CVE-2026-3058
CVE-2026-3058 involves the WordPress plugin Seraphinite Accelerator. The vulnerability is classified as a Sensitive Information Exposure issue in all versions up to and including 2.28.14, exploitable via the seraph_accel_api AJAX action with fn=GetData. The OnAdminApi_GetData() function does not ...
PT-2026-22902
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraph_accel_api AJAX action with fn=GetData. This is due to the OnAdminApi_GetData function not performing any capability checks. This makes it...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the getData function of the preview component when processing image metadata with an extra command line argument. An attacker can cause a crash or potentially read out-of-bounds memory by supplying specially crafte...
CVE-2026-27596 Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra...
CVE-2026-27596
Exiv2 (C++ library/CLI for EXIF/IPTC/XMP metadata) has a vulnerability in the preview component (triggered with an extra command-line arg such as -pp) where an integer underflow in LoaderNative::getData() leads to a heap buffer overflow. This affects versions prior to 0.28.8 and typically causes ...
EUVD-2021-21648
Malware in sbrugna...
EUVD-2025-27977
Malicious code in bioql PyPI...
CVE-2025-34038
A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the...
CVE-2025-40664
Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser...
Employee Record System getData.php File SQL Injection Vulnerability
Employee Record System is an employee record system. Employee Record System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keywords in the file /dashboard/getData.php. An attacker can exploit this...
Code-Projects Employee Record System Injection Vulnerability
Code-Projects Employee Record System is an open source employee record system from Code-Projects. Version 1.0 has an injection vulnerability that stems from improper handling of the parameter keywords in the file /dashboard/getData.php, which may lead ...
CVE-2025-0870
A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical. Affected by this issue is the function AP4_DataBuffer::GetData in the library Ap4DataBuffer.h. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The complexity of ...
Bento4 Security Vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files from Axiomatic Systems. A security vulnerability exists in Bento4 1.6.0-641 and earlier versions, which stems from a heap buffer overflow in the AP4_DataBuffer::GetData function...
PT-2025-4079
Name of the Vulnerable Software and Affected Versions: Axiomatic Bento4 versions up to 1.6.0-641. Description: The issue affects the function AP4_DataBuffer::GetData in the library Ap4DataBuffer.h, leading to a heap-based buffer overflow. This can be exploited remotely, with a rather high complexity...
CVE-2024-52920
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message...