9663 matches found
CVE-2026-40882
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to...
Malicious code in pypdf-fork (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c3a651b0cc8ca7cc4fcae91ff3160af205a97d0aacacd8e88d76c04ce013bd02 During importing the module, package sends a beacon notification to the owner. The package has no other differences from the original legitimate "pypdf". ---...
CVE-2026-40882 OpenRemote has XXE in Velbus Asset Import
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to...
CVE-2026-40882 OpenRemote has XXE in Velbus Asset Import
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to...
CVE-2026-40882
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to...
CVE-2026-40882
OpenRemote’s Velbus asset import vulnerability (CVE-2026-40882) is an XXE in the import path prior to version 1.22.0. An authenticated user with import access can trigger XML external entity processing when posting Velbus project XML, potentially causing server-side file disclosure (target file
EUVD-2026-24959
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...
USN-8199-1 glance vulnerabilities
Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2024-32498 Hyeongeun Ji and Abhishek Keka...
CVE-2026-1660
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...
CVE-2026-1660
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...
CVE-2026-1660 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...
CVE-2026-1660 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...
CVE-2026-1660
GitLab CVE-2026-1660 affects GitLab CE/EE versions 12.3–18.9.5, 18.10.0–18.10.3, and 18.11.0–18.11.0 due to improper input validation that could allow an authenticated user to cause a denial of service when importing issues. A patch release has been issued: 18.9.6, 18.10.4, and 18.11.1 (and relat...
CVE-2018-25259
Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that...
EUVD-2026-24628
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...
CVE-2026-6839
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...
CVE-2026-6839
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...
CVE-2026-6839
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...
CVE-2026-6839
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...
CVE-2026-6839
The vulnerability CVE-2026-6839 affects Samsung ONE (Open Source ONE). Root cause: improper validation of STRING tensor offsets during constant tensor import, which can trigger out-of-bounds access. Affected versions are prior to commit 1.30.0. Impact described by CVSS: LOCAL attacker with low at...