7952 matches found
BJ Lazy Load (Timthumb) <= 0.7.5 - Remote File Inclusion
The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File Inclusion vulnerability via TimThumb. id: CVE-2015-9415 info: name: BJ Lazy Load Timthumb = 0.7.5 - Remote File Inclusion author: s4e-io severity: high description: | The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File...
MAL-2026-10490 Malicious code in @sqlite-panel/createsql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb20d0c9e601940f84c676cd74d174e06a740b6bcb90c12d38cdcecc6ca68696 The package's main entry point index.js fetches a hardcoded GitHub Gist owned by 'getchainverse' via api.github.com and passes the returned file...
CVE-2026-15552
Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...
CVE-2026-15531 yashbhalgat HashNeRF-pytorch Checkpoint File run_nerf.py torch.load deserialization
A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...
EUVD-2026-43277
A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...
CVE-2026-15529 yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization
A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix thi...
EUVD-2026-43275
A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix thi...
CVE-2026-15552 Ragic|Enterprise Cloud Database - Stored Cross-Site Scripting
Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...
EUVD-2026-43270
Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...
CVE-2026-15552
The CVE-2026-15552 entry concerns Ragic’s Enterprise Cloud Database, which is reported to be vulnerable to a Stored Cross-Site Scripting (Stored XSS) flaw. According to the sources, unauthenticated remote attackers can inject persistent JavaScript code that is executed in users’ browsers upon pag...
CVE-2026-15295
CVE-2026-15295 affects the WordPress Infinite Scroll – Ajax Load More plugin for WordPress, vulnerable in all versions up to 7.0.1 due to insufficient input sanitization and output escaping. Stored XSS can be triggered by authenticated attackers with administrator-level permissions (and above) vi...
CVE-2026-15295 Ajax Load More <= 7.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Linux Distros Unpatched Vulnerability : CVE-2026-55206
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in...
EUVD-2026-33941
mint: Content-Length header accepts non-RFC "+" sign prefix...
CVE-2026-33803
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...
CVE-2025-58146
There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the Unicode spec, but...
CVE-2026-54499
CVE-2026-54499 affects Stanza prior to 1.12.2, where model loading uses torch.load(..., weights_only=True) and on an attacker-controllable pickle.UnpicklingError falls back to weights_only=False, enabling arbitrary pickle code execution when loading a malicious .pt pretrain/file. The vulnerabilit...
Updated vips packages fix security vulnerabilities
This update fixes several security issues: A flaw has been found in libvips up to 8.18.0. The affected element is the function vipsforeignloadmatrixfileisa/vipsforeignloadmatrixheader of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack need...
EUVD-2026-42315
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...
EUVD-2026-42208
During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...