47696 matches found
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
Entity encoding bypass via regex injection in DOCTYPE entity names Summary A dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities , , &, ", ' with arbitrary values. This bypasses entity encoding and leads to...
CVE-2026-27115 ADB Explorer is Vulnerable to Arbitrary Directory Deletion via Command-Line Argument
ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data...
CVE-2025-67438
A Stored Cross-Site Scripting XSS vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information,...
CVE-2025-67438
A Stored Cross-Site Scripting XSS vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information,...
February Linux Patch Wednesday
FebruaryLinux Patch Wednesday. In February, Linux vendors addressed 632 vulnerabilities - 1.5Γ fewer than in January, including 305 in the Linux Kernel. Two vulnerabilities show signs of in-the-wild exploitation: π» RCE - Chromium CVE-2026-2441 π» InfDisc - MongoDB "MongoBleed" CVE-2025-14847 Publi...
CVE-2025-53217 WordPress AIO WP Builder Plugin <= 2.0.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through = 2.0.2...
CVE-2025-53217 WordPress AIO WP Builder Plugin <= 2.0.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through = 2.0.2...
CVE-2025-53217
The CVE-2025-53217 entry concerns the WordPress plugin AIO WP Builder (staviravn all-in-one-wp-builder) with versions up to and including 2.0.2, where a Missing Authorization vulnerability allows exploitation of incorrectly configured access control. The root cause is broken access control in the...
Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513
Read how PatchDiff-AI uncovered the root cause of CVE-2026-21513 β an actively exploited MSHTML vulnerability β and how APT28 leveraged it in real-world attacks...
MINI-32FX-4RQJ-FG3X
Bulletin has no description...
MINI-RCV9-RG56-6CHH
Bulletin has no description...
CVE-2017-4573
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
CVE-2017-4568
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
CVE-2017-4552
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
CVE-2017-4546
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
CVE-2017-4531
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
CVE-2017-4523
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
CVE-2017-4511
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
CVE-2017-4486
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
CVE-2017-4201
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...