47725 matches found
CVE-2026-25880
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary explorer.exe located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s...
[SECURITY] Fedora 42 Update: rust-sigul-pesign-bridge-0.5.0-3.fc42
Drop-in replacement for pesign's daemon that bridges pesign-client requests to a Sigul server...
PT-2026-7558
Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A flaw exists in Qsync Central that allows a remote attacker who has obtained a user account to exploit a resource allocation issue without limits or throttling. This could lead to the attack...
Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009
This module allows content to be edited in-place. The module doesn't sufficiently sanitize certain image-related values during the editing process leading to a persistent Cross-site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to...
PT-2026-7807
This module allows content to be edited in-place. The module doesn't sufficiently sanitize certain image-related values during the editing process leading to a persistent Cross-site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to...
PT-2026-7723
Name of the Vulnerable Software and Affected Versions set-in versions 2.0.1 through 2.0.4 Description set-in is a Node.js package that sets values within nested associative structures given an array of keys. A flaw exists where, despite a previous attempt to prevent prototype pollution by checkin...
Unspecified Vulnerability in HCL AION (CNVD-2026-16402)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a missing or insecure HTTP Strict Transport Security header, which can be exploited by an attacker to cause a man-in-the-middle attack...
PT-2026-7565
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...
set-in 安全漏洞
set-in is a JavaScript library developed by Mikey personally. Versions of set-in 2.0.1 to 2.0.5 had security vulnerabilities due to insufficient input validation. These vulnerabilities could allow for attacks through specially crafted input that contaminated the Object.prototype prototype, leadin...
Google Chrome < 145.0.7632.45 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 145.0.7632.45. It is, therefore, affected by multiple vulnerabilities as referenced in the 202602stable-channel-update-for-desktop10 advisory. - Use after free in Ozone. CVE-2026-2321 - Use after free in CSS. CVE-2026-231...
Linux Distros Unpatched Vulnerability : CVE-2026-2318
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI...
CVE-2025-14821
A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...
CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
AZL-77480 CVE-2026-25646 affecting package optipng 0.7.8-5
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of...
BIT-NGINX-2026-1642
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...
CVE-2026-21332 InDesign Desktop | Out-of-bounds Read (CWE-125)
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that...
CVE-2026-21357
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-25992
SiYuan before 3.5.5 exposes a vulnerability in the /api/file/getFile endpoint: it uses case-sensitive equality checks to block access on case-insensitive file systems (e.g., Windows). An attacker can bypass restrictions via mixed-case paths and read protected configuration files. Impact is confid...
CVE-2026-24045 Docmost Affected by Stored XSS in Public Share Page
Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting XSS attacks...
CVE-2026-25530 Kanboard is missing authorization check in getSwimlane API allows cross-project data access
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...