2430 matches found
CVE-2026-42140
The CVE covers the PlantUML Macro used in XWiki, where the vulnerability lies in the server parameter not being validated. Prior to version 2.4.1, an attacker can supply an arbitrary URL (including internal addresses) to the server parameter, causing the XWiki server to attempt to connect for ren...
CVE-2026-42140 Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter
PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery SSRF. The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...
PT-2026-36886
Name of the Vulnerable Software and Affected Versions PlantUML Macro versions prior to 2.4.1 Description PlantUML Macro, used for rendering UML diagrams from textual schemes, contains a Server-Side Request Forgery SSRF flaw. The application fails to validate the URL provided through the server...
PlantUML Macro 代码问题漏洞
PlantUML Macro is an open-source tool developed by XWiki Contrib that generates chart images from textual definitions. Versions of PlantUML Macro prior to 2.4.1 had code vulnerabilities; these vulnerabilities stemmed from the lack of validation of the URLs provided by server parameters, which cou...
RHCOS 4 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:1636)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1636 advisory. - jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin SECURITY-1322 CVE-2019-10320 -...
CVE-2026-31756 usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop()
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...
JLSEC-2026-201
A stack-use-after-scope issue discovered in expandmmacparams function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file...
CVE-2026-34065
nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...
CVE-2026-34065 nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...
CVE-2026-34065 nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...
CVE-2026-34065
nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...
CVE-2026-34065
CVE-2026-34065 affects nimiq-primitives in Nimiq’s Rust implementation. Before version 1.3.0, an untrusted p2p peer could cause a node to panic by announcing an election macro block whose validators set includes an invalid compressed BLS voting key. Hashing the election macro header hashes the va...
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
Impact An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::votingkeys, which calls validator.votingkey.uncompress.unwrap...
GHSA-7C4J-2M43-2MGH nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
Impact An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::votingkeys, which calls validator.votingkey.uncompress.unwrap...
EUVD-2026-25062
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals...
PT-2026-34546
Impact An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::voting keys, which calls validator.voting key.uncompress.unwr...
PT-2026-34383
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ksmbd module where the smb2 calc max out buf len function used a hardcoded magic number for the hdr2 len argument instead of the correct offset of the Buffer field...
CLSA-2026-1776438517 gstreamer1-plugins-bad-free: Fix of CVE-2026-3082
CVE-2026-3082: fix heap-based buffer overflow in JPEG parser READBYTES macro by adding sizeofbuf bounds check...
[SECURITY] Fedora 44 Update: kf6-kcoreaddons-6.25.0-1.fc44
KCoreAddons provides classes built on top of QtCore to perform various tasks such as manipulating mime types, autosaving files, creating backup files, generating random sequences, performing text manipulations such as macro replacement, accessing user information and many more...
CVE-2026-24893 openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion
openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on th...