14 matches found
CVE-2026-22208
OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs without sandboxing or capability restrictions, exposing standard libraries such as...
03-api-solid (>=1.0.0 <=1.1.2), 0uth (>=1.0.5 <=1.2.1) +3665 more potentially affected by CVE-2026-25223 via fastify (>=0.21.0 <=5.7.1)
fastify NPM version =0.21.0, =1.0.0, =1.0.5, =1.0.0, =1.0.0, =0.0.0, =0.0.1, =1.0.3, =0.0.1, =0.1.66, =0.5.0, =1.3.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-canary.2 and more Source cves: CVE-2026-25223 Source advisory: OSV:GHSA-JX2C-RXCM-JVMQ...
GO-2026-4362 Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea
GO-2026-4368 Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea
CVE-2025-66723
inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths...
CVE-2024-40583
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials...
CVE-2024-51587
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Softfirm Definitive Addons for Elementor allows Stored XSS. This issue affects Definitive Addons for Elementor: from n/a through 1.5.16...
CVE-2023-45107
Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin = 1.0.22 versions...
CVE-2023-22630
IzyBat Orange casiers before 202211021 allows SQL Injection via a getCasier.php?taille= URI...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4729 more potentially affected by CVE-2021-37687 via tensorflow (>=1.0.1 <=2.3.2)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-37687 Source advisory: OSV:GHSA-JWF9-W5XM-F437...
CVE-2020-16979
Microsoft SharePoint Information Disclosure Vulnerability...
activemq:activemq (=1.1), activemq:activemq-optional (=3.2) +325 more potentially affected by CVE-2012-5784 via axis:axis (>=1.2 <=1.4)
axis:axis MAVEN version =1.2, =1.2.5, =1.1.0, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2012-5784 Source advisory: OSV:GHSA-55W9-C3G2-4RRH...
CVE-2018-18603
360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue...
00ld8nuivn (=2.1.0), 00rqiw31nd (=2.1.0) +8561 more potentially affected by CVE-2017-15010 via tough-cookie (>=0.12.0 <=2.3.2)
tough-cookie NPM version =0.12.0, =2.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on tough-cookie and may be impacted: - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 -...