
3428 matches found

CNNVD
added 2026/03/23 12:0 a.m., 4 views

jsrsasign Security Vulnerability

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the bnModInverse function in ext/jsbn2.js, which could cause infinite loops when processing zero or negative...

8.7 CVSS, 5.8 AI score, 0.004 EPSS
Exploits: 1, References: 5
Packet Storm
added 2026/03/23 12:0 a.m., 120 views

MailEnable 10.54 Cross Site Scripting

MailEnable versions 10.54 and below suffer from multiple cross site scripting vulnerabilities. MailEnable = 10.54 Multiple Reflected Cross-Site Scripting Vulnerabilities...

5.2 AI score
Exploits: 0
CVE
added 2026/03/20 8:5 p.m., 5 views

CVE-2026-33142

CVE-2026-33142 affects OneUptime prior to version 10.0.34. The issue arises because the functions toSortStatement, toSelectStatement, and toGroupByStatement in StatementGenerator interpolate user-supplied keys as ClickHouse Identifier parameters without validating that they match actual model col...

8.1 CVSS, 5.9 AI score, 0.00301 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/03/20 4:31 p.m., 18 views

CVE-2025-15608 Buffer Overflow in Network Probe Handling Function of TP-Link Archer AX53

This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution throug...

7.7 CVSS, 0.00528 EPSS
Exploits: 0, References: 2
Snyk
added 2026/03/20 10:41 a.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Range or Values summarizer, which renders raw database values without escaping HTML. An attacker can execute arbitrary HTML or JavaScript in the context of affected users by injecting malicious content...

8.7 CVSS, 5.8 AI score, 0.00296 EPSS
Exploits: 0, References: 2
NVD
added 2026/03/20 2:16 a.m., 1 views

CVE-2026-32874

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form of the integer plus a...

7.5 CVSS, 0.00426 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/20 1:31 a.m., 2 views

CVE-2026-32874

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form of the integer plus a...

7.5 CVSS, 5.7 AI score, 0.00426 EPSS
Exploits: 0, References: 4, Affected Software: 1
Debian CVE
added 2026/03/20 1:31 a.m., 3 views

CVE-2026-32874

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form of the integer plus a...

7.5 CVSS, 5.3 AI score, 0.00426 EPSS
Exploits: 0
CNNVD
added 2026/03/20 12:0 a.m., 5 views

Google Chrome Security Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.153 contained a security vulnerability. This vulnerability stemmed from insufficient validation of untrusted inputs during navigation, which could allow remote attackers to execute a sandbox esca...

8.8 CVSS, 5.9 AI score, 0.00253 EPSS
Exploits: 0, References: 3
UbuntuCve
added 2026/03/20 12:0 a.m., 4 views

CVE-2026-32874

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form of the integer plus a...

7.5 CVSS, 5.7 AI score, 0.00426 EPSS
Exploits: 0, References: 5
RubySec
added 2026/03/20 12:0 a.m., 5 views

Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Summary: An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...

9.1 CVSS, 6 AI score, 0.00632 EPSS
Exploits: 0, References: 1, Affected Software: 1
Snyk
added 2026/03/19 6:48 p.m., 2 views

Improper Validation of Specified Quantity in Input

Overview: nicegui is a package described as "Create web-based user interfaces with Python. The nice way." Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the chunksize parameter in app.addmediafile and app.addmediafiles media routes. An attacker can cause excessi...

7.5 CVSS, 5.8 AI score, 0.00599 EPSS
Exploits: 0, References: 2
Snyk
added 2026/03/19 12:42 p.m., 2 views

Reliance on Untrusted Inputs in a Security Decision

Overview: @anthropic-ai/claude-code is a package described as "Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you." Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in...

8.8 CVSS, 6 AI score, 0.00337 EPSS
Exploits: 0, References: 2
OSV
added 2026/03/18 1:1 p.m., 3 views

GHSA-WGVC-GHV9-3PMM UltraJSON has a Memory Leak parsing large integers allows DoS

Summary: ujson 5.4.0 to 5.11.0 inclusive contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. Exploitability: Any service that calls ujson.load/ujson.loads/ujson.decode on untrusted inputs is affected and vulnerable to denial of service attacks...

7.5 CVSS, 5.8 AI score, 0.00426 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2026/03/18 1:1 p.m., 7 views

UltraJSON has a Memory Leak parsing large integers allows DoS

Summary: ujson 5.4.0 to 5.11.0 inclusive contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. Exploitability: Any service that calls ujson.load/ujson.loads/ujson.decode on untrusted inputs is affected and vulnerable to denial of service attacks...

7.5 CVSS, 5.8 AI score, 0.00426 EPSS
Exploits: 0, References: 5, Affected Software: 1
Positive Technologies
added 2026/03/18 12:0 a.m., 3 views

PT-2026-26034

A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack...

4.9 CVSS, 6.3 AI score, 0.00339 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/03/16 12:0 a.m., 3 views

PT-2026-25734

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...

6.1 CVSS, 5.9 AI score, 0.00236 EPSS
Exploits: 2, References: 4
Positive Technologies
added 2026/03/16 12:0 a.m., 2 views

PT-2026-25801

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters date_start and date_end from $_REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escape...

8.8 CVSS, 6 AI score, 0.00276 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/03/16 12:0 a.m., 3 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2026-1310)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the...

7.5 CVSS, 5.9 AI score, 0.00586 EPSS
Exploits: 2, References: 5
CVE
added 2026/03/15 6:34 p.m., 14 views

CVE-2016-20036

CVE-2016-20036 affects Wowza Streaming Engine 4.5.0, specifically the enginemanager interface. The issue is multiple reflected cross-site scripting vulnerabilities caused by insufficient sanitization of input passed through parameters such as appName, vhost, uiAppType, and wowzaCloudDestinationTy...

6.1 CVSS, 5.9 AI score, 0.00236 EPSS
Exploits: 2, References: 3, Affected Software: 1