2728 matches found
RUSTSEC-2026-0059 `tokio-tcp` is unmaintained
The tokio-tcp crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...
EUVD-2026-13187
Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...
CVE-2026-27166
Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...
CVE-2026-3029
A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...
UBUNTU-CVE-2026-3029
A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...
CVE-2026-3029
PyMuPDF (Python wrapper for MuPDF) has a path traversal / arbitrary file write vulnerability in version 1.26.5. The flaw resides in embedded_get, which uses untrusted embedded file metadata as the output path. If args.output is not provided, the function may write to arbitrary local paths, potent...
CVE-2026-2373
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...
CVE-2026-2373
The Royal Addons for Elementor – Addons and Templates Kit for Elementor (WordPress) is affected up to version 1.7.1049. The vulnerability arises in get_main_query_args(), due to insufficient restrictions on which posts can be included, allowing unauthenticated attackers to exfiltrate contents of ...
CVE-2026-2373
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...
CVE-2026-2373 Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...
WordPress plugin Royal Addons for Elementor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-25870
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get main query args function due to insufficient restrictions on which posts can be included. This makes it...
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by...
Denial Of Service (DoS)
Tornado is vulnerable to Denial of Service DoS. The vulnerability is due to synchronous parsing of multipart/form-data without limiting the number of parts, allowing attackers to send large requests with many parts that consume excessive CPU and block the main thread...
Malicious code in tailwind-mainanimation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64236873269f6da90599a0e0136ce22979e4bbfd8103cf4850e42c1179ae6cb5 The package tailwind-mainanimation was found to contain malicious code. Source: ghsa-malware...
SUSE CVE-2026-31958
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...
CVE-2026-31958
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...
PYSEC-2026-140
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...
PYSEC-2026-140
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...
DEBIAN-CVE-2026-31958
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...