
253 matches found

NVD
added 2026/04/07 3:17 p.m., 4 views

CVE-2026-35480

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...

CVSS 6.2, EPSS 0.00156
Exploits: 0, References: 1
Cvelist
added 2026/04/07 2:43 p.m., 16 views

CVE-2026-35480 go-ipld-prime's DAG-CBOR decoder unbounded memory allocation from CBOR headers

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...

CVSS 6.2, EPSS 0.00156
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/07 2:43 p.m., 3 views

CVE-2026-35480

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...

CVSS 6.2, AI score 5.9, EPSS 0.00156
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/04/07 2:43 p.m., 0 views

CVE-2026-35480 go-ipld-prime's DAG-CBOR decoder unbounded memory allocation from CBOR headers

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...

CVSS 6.2, AI score 5.9, EPSS 0.00156
Exploits: 0, References: 1
CVE
added 2026/04/07 2:43 p.m., 11 views

CVE-2026-35480

CVE-2026-35480 affects the go-ipld-prime project, specifically the DAG-CBOR decoder. Prior to version 0.22.0, the decoder uses collection size hints from CBOR headers as preallocation hints for maps and lists without capping them or accounting for their cost in its allocation budget. This can lea...

CVSS 6.2, AI score 5.9, EPSS 0.00156
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2026/04/07 12:0 a.m., 3 views

go-ipld-prime security vulnerability

go-ipld-prime is an implementation of the IPLD open-source specification interface. Versions of go-ipld-prime prior to 0.22.0 contained security vulnerabilities. These vulnerabilities stemmed from the DAG-CBOR decoder using the set size declared in the CBOR header as a hint for Go’s pre-allocatio...

CVSS 6.2, AI score 7.3, EPSS 0.00156
Exploits: 0, References: 1
Snyk
added 2026/03/26 9:46 p.m., 0 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the ACP permission resolution process. An attacker can bypass security prompting by providing conflicting tool identity hints in rawInput and metadata, which c...

CVSS 8.2, AI score 5.9, EPSS 0.00228
Exploits: 0, References: 3
Github Security Blog
added 2026/03/26 9:46 p.m., 2 views

OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting

Summary: ACP permission resolution trusted conflicting tool identity hints from rawInput and metadata, which could suppress dangerous-tool prompting. Affected Packages / Versions: Package: openclaw npm; Affected: = 2026.3.22; Latest released tag checked: v2026.3.23-2...

CVSS 6.9, AI score 5.8, EPSS 0.00228
Exploits: 0, References: 6, Affected Software: 1
Patchstack
added 2026/03/23 8:31 a.m., 4 views

WordPress Pre* Party Resource Hints plugin <= 1.8.20 - Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter vulnerability

Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin Pre* Party Resource Hints versions <= 1.8.20...

CVSS 6.5, AI score 5.9, EPSS 0.00261
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/03/21 6:30 a.m., 1 view

EUVD-2026-14180

The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 6.5, AI score 5.9, EPSS 0.00261
Exploits: 0, References: 7
NVD
added 2026/03/21 4:17 a.m., 5 views

CVE-2026-4087

The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 6.5, EPSS 0.00261
Exploits: 0, References: 6
CVE
added 2026/03/21 3:26 a.m., 6 views

CVE-2026-4087

CVE-2026-4087 affects the Pre* Party Resource Hints plugin for WordPress. The vulnerability is an SQL Injection via the hint_ids parameter in the pprh_update_hints AJAX action, present in all versions up to and including 1.8.20. It results from insufficient escaping of user input and lack of pro...

CVSS 6.5, AI score 5.9, EPSS 0.00261
Exploits: 0, References: 6
Vulnrichment
added 2026/03/21 3:26 a.m., 2 views

CVE-2026-4087 Pre* Party Resource Hints <= 1.8.20 - Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter

The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 6.5, AI score 5.9, EPSS 0.00261
Exploits: 0, References: 6
Cvelist
added 2026/03/21 3:26 a.m., 27 views

CVE-2026-4087 Pre* Party Resource Hints <= 1.8.20 - Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter

The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 6.5, EPSS 0.00261
Exploits: 0, References: 6
ATTACKERKB
added 2026/03/21 3:26 a.m., 0 views

CVE-2026-4087

The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 6.5, AI score 5.9, EPSS 0.00261
Exploits: 0, References: 7
CNNVD
added 2026/03/21 12:0 a.m., 2 views

WordPress plugin Pre* Party Resource Hints SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.5, AI score 5.9, EPSS 0.00261
Exploits: 0, References: 6
Positive Technologies
added 2026/03/21 12:0 a.m., 4 views

PT-2026-26876

The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

CVSS 6.5, AI score 5.9, EPSS 0.00261
Exploits: 0, References: 7
GithubExploit
added 2026/03/01 1:36 p.m., 135 views

hckr-tr

AI score 6
Exploits: 0
OSV
added 2026/02/26 8:47 a.m., 5 views

BIT-MONGODB-2026-25610 Invalid $geoNear index hint may cause server crash

An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints...

CVSS 7.1, AI score 5.4, EPSS 0.0024
Exploits: 0, References: 2
CNNVD
added 2026/02/24 12:0 a.m., 5 views

Alinto SOGo code injection vulnerability

Alinto SOGo is an open-source collaboration office software developed by Alinto. Versions 5.12.3 and 5.12.4 of Alinto SOGo contain a code injection vulnerability. This vulnerability stems from incorrect handling of parameter hints, which may lead to cross-site scripting attacks...

CVSS 6.1, AI score 5.7, EPSS 0.00398
Exploits: 0, References: 3