
614 matches found

Nuclei
added yesterday | 15 views

PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting

There is a Cross-Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0. id: CVE-2023-40752 info: name: PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site...

6.1 CVSS | 6.3 AI score | 0.02209 EPSS
Exploits 0 | References 2
ATTACKERKB
added 6 days ago | 4 views

CVE-2026-46384

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

8.7 CVSS | 5.9 AI score | 0.00042 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2026/05/24 3:30 a.m. | 13 views

CVE-2026-9352

Affected software/area: NousResearch hermes-agent (Messaging Gateway Handler), up to 2026.4.23. Vulnerability details: A weakness in the function _make_run_env in tools/environments/local.py can lead to information disclosure. The issue may be exploitable remotely; exploit has been made publicly ...

6.9 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2026/05/24 3:30 a.m. | 8 views

CVE-2026-9352

A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched...

6.9 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2026/05/24 12:0 a.m. | 3 views

Hermes Agent Access Control Error Vulnerability

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.23 contained an access control vulnerability. This vulnerability originated from the _make_run_env function in the tools/environments/local.py file of the...

6.9 CVSS | 6.1 AI score | 0.00039 EPSS
Exploits 0 | References 5
Positive Technologies
added 2026/05/24 12:0 a.m. | 9 views

PT-2026-42910

Name of the Vulnerable Software and Affected Versions: NousResearch hermes-agent versions prior to 2026.4.24. Description: A weakness in the Messaging Gateway Handler component allows for remote information disclosure. The issue is located within the _make_run_env function in the...

6.9 CVSS | 6.1 AI score | 0.00039 EPSS
Exploits 0 | References 8
AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fixed a race condition in SNDCTL_DSP_SYNC. There is a small race condition in the snd_pcm_oss_sync function, which is called from the OSS PCM SNDCTL_DSP_SYNC ioctl. Specifically, the function calls snd_pcm_oss_make_ready first, a...

4.7 CVSS | 6.1 AI score | 0.00037 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: Fixed an access bug involving an uninitialized variable in ip6makeskb. Syzbot reported the following bugs: ===================================================== BUG: KMSAN: uninit-value in archatomic64inc...

6 AI score | 0.00029 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/05/20 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021640)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021640 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in ipmakeskb KMSAN reported uninit-value access in ipmakeskb 1...

4.7 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits 0 | References 4
NVD
added 2026/05/13 8:16 p.m. | 5 views

CVE-2026-42549

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir(..., recursive: true) on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4 CVSS | 0.00007 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/05/13 7:22 p.m. | 1 views

CVE-2026-42549

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir(..., recursive: true) on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2026/05/13 7:22 p.m. | 5 views

CVE-2026-42549

CVE-2026-42549 affects Flight PHP core prior to 3.18.1. The make:controller CLI calls mkdir(..., recursive: true) on a user-supplied controller path before Nette class-name validation, allowing creation of directories outside the project root via ../ traversal. The directory creation side effect ...

4.4 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/05/13 7:22 p.m. | 5 views

CVE-2026-42549 Flight: Path traversal in `make:controller` CLI creates arbitrary directories outside project root

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir(..., recursive: true) on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits 0 | References 1
Cvelist
added 2026/05/13 7:22 p.m. | 25 views

CVE-2026-42549 Flight: Path traversal in `make:controller` CLI creates arbitrary directories outside project root

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir(..., recursive: true) on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4 CVSS | 0.00007 EPSS
Exploits 0 | References 1
CNNVD
added 2026/05/13 12:0 a.m. | 4 views

Flight Path Traversal Vulnerability

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a path traversal vulnerability. This vulnerability stemmed from the make:controller CLI command, which created directories based on the controller names provided by users before class name validatio...

4.4 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits 0 | References 1
EUVD
added 2026/05/11 6:31 p.m. | 4 views

EUVD-2026-29096

CosyVoice through commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens) using torch.load without...

6.1 AI score | 0.00047 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/05/11 12:0 a.m. | 4 views

CVE-2026-31249

CosyVoice through commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens) using torch.load without...

6.1 AI score | 0.00047 EPSS
Exploits 0 | References 3
CNNVD
added 2026/05/07 12:0 a.m. | 4 views

RELATE Security Feature Issue Vulnerability

RELATE is a web-based course package developed by Andreas Klöckner as an individual project. Previous versions of RELATE, such as 2f68e16, had security-related vulnerabilities. These vulnerabilities stemmed from the make_sign_in_key function in auth.py and the gen_ticket_code function in exam.py, whic...

8.7 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits 0 | References 1
Snyk
added 2026/05/06 9:34 p.m. | 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the make:controller process. An attacker can create arbitrary directories outside the intended project root by supplying crafted input containing directory traversal sequences. Details: A Directory Traversal attac...

4.8 CVSS | 6.3 AI score | 0.00007 EPSS
Exploits 0 | References 2
CNNVD
added 2026/05/04 12:0 a.m. | 3 views

Yeapook WDR201A WiFi Extender Security Vulnerability

The Yeapook WDR201A WiFi Extender is a wireless signal extension device produced by the Yeapook company. The Yeapook WDR201A WiFi Extender, in HW version V2.1 and FW version LFMZX28040922V1.02, contains security vulnerabilities. These vulnerabilities stem from stack-based buffer overflows in the...

8.3 CVSS | 6 AI score | 0.00055 EPSS
Exploits 0 | References 1