72591 matches found
Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1600)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1600 advisory. The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.aud...
GHSA-M3VP-3JJM-GPMX Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including Database Credentials
Summary The ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g., ../config.php to read arbitrary files accessible to the web server process...
Exploit for Improper Neutralization of Special Elements in Data Query Logic in Getzep Graphiti
CVE-2026-32247 — Cypher Injection in graphiti-core via unsanit...
GHSA-H8CJ-HPMG-636V appsmith has SQL Injection in FilterDataService via Unsafe DROP TABLE Execution
Summary A SQL injection vulnerability exists in FilterDataServiceCE.java where the dropTable method constructs a SQL DROP TABLE statement using string concatenation with the table name. If the table name is derived from user input, this allows for arbitrary SQL command execution. Details The...
CVE-2026-42420
OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memory exhaustion or denial of service through crafted base64-encoded input...
CVE-2026-24204
NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may lead to information disclosure...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps
Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2.1 Vulnerability Details CVEID:CVE-2026-33306 DESCRIPTION: bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.15.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.15.jar Vulnerability Details CVEID:CVE-2026-24734 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM po...
webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...
CVE-2026-41952
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.93212, Acronis Cyber Protect Cloud Agent Windows before build 42183...
CVE-2026-41220
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.93212, Acronis Cyber Protect Cloud Agent Windows before build 42183...
CVE-2026-41220
CVE-2026-41220 describes a local privilege escalation caused by improper input validation affecting Acronis DeviceLock DLP (Windows) before build 9.0.93212 and Acronis Cyber Protect Cloud Agent (Windows) before build 42183. The NVD/NIST records confirm the vulnerable components are Windows produc...
CVE-2026-41220
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.93212, Acronis Cyber Protect Cloud Agent Windows before build 42183...
CVE-2026-41220
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.93212, Acronis Cyber Protect Cloud Agent Windows before build 42183...
EUVD-2026-26233
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.93212, Acronis Cyber Protect Cloud Agent Windows before build 42183...
CVE-2026-41220
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.93212, Acronis Cyber Protect Cloud Agent Windows before build 42183...
CVE-2026-41952
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.93212, Acronis Cyber Protect Cloud Agent Windows before build 42183...
CVE-2026-41952
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.93212, Acronis Cyber Protect Cloud Agent Windows before build 42183...
CVE-2026-41952
CVE-2026-41952 : Local privilege escalation in Acronis products due to improper input validation. Affected on Windows: DeviceLock DLP before build 9.0.93212 and Cyber Protect Cloud Agent before build 42183. CVSSv3.0: LOCAL attack, LOW complexity, LOW privileges, NO user interaction; impacts inclu...
CVE-2026-41952
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.93212, Acronis Cyber Protect Cloud Agent Windows before build 42183...