325760 matches found
CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles
The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...
CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles
The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...
CVE-2026-58655
The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...
EUVD-2026-44633
The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...
CVE-2026-58655
The CVE concerns Grav’s Flex Objects plugin (getgrav/grav-plugin-flex-objects) prior to version 1.4.0. It enables a stored server-side template injection when rendering dynamic collection/object titles by passing user-controlled frontmatter (page.header.flex.collection.title or page.header.flex.o...
Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your source, your SSH keys and your cloud...
Malicious code in syncgrove (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c96b3528ab792944d243b00ae61facc33740850b5cb2ed19671fd6732e43494 The package's postinstall lifecycle script contacts a hardcoded plain-HTTP endpoint at http://player.sweeprovider.org, retrieves a key via /getKey.ph...
MAL-2026-10680 Malicious code in syncgrove (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c96b3528ab792944d243b00ae61facc33740850b5cb2ed19671fd6732e43494 The package's postinstall lifecycle script contacts a hardcoded plain-HTTP endpoint at http://player.sweeprovider.org, retrieves a key via /getKey.ph...
Exploit for Missing Authentication for Critical Function in Estrongs Es_File_Explorer_File_Manager
CVE-2019-6447: ES File Explorer Unauthenticated HTTP Service...
Malicious code in northstart-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa58bcfb4f89faf624c1f99bb552e597cc2e061330a2e98e72e6f401bb70b4f9 The pypi package northstart-sdk 0.2.1 executes attacker-controlled code as a side effect of import northstartsdk. The top-level init.py assigns...
MAL-2026-10672 Malicious code in northstart-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa58bcfb4f89faf624c1f99bb552e597cc2e061330a2e98e72e6f401bb70b4f9 The pypi package northstart-sdk 0.2.1 executes attacker-controlled code as a side effect of import northstartsdk. The top-level init.py assigns...
vulnerable-web-app
vulnerable-web-app ⚠️ Intentionally vulnerable. A runna...
OkoBot: new sophisticated malware framework targets cryptocurrency users
Introduction In January 2026, we identified multiple attacks involving unknown malware that captures the contents of cryptocurrency wallet windows. During the investigation, we reconstructed the complete infection chain, which consisted of four tightly linked stages initiated by the execution of...
Security Bulletin: Multiple vulnerabilities in python affects AIX/VIOS.
Summary Integer overflow and use after may cause memory corruption and denial of service. Vulnerability Details CVEID:CVE-2026-56403 DESCRIPTION: libexpat before 2.8.2 has an integer overflow in storeAtts. CWE:CWE-190: Integer Overflow or Wraparound CVSS Source: NVD CVSS Base score: 6.9 CVSS...
erlang: Erlang OTP public_key: Certificate validation bypass allows hostname spoofing
A flaw was found in Erlang OTP publickey. This improper certificate validation vulnerability allows a subordinate Certificate Authority CA with restricted DNS nameConstraints to bypass these restrictions. By issuing a leaf certificate that lacks a Subject Alternative Name SAN but contains a craft...
Security update for perl-libwww-perl
This update for perl-libwww-perl fixes the following issue CVE-2026-8368: LWP: UserAgent: Authorization and Proxy-Authorization headers are leaked on cross-origin redirects bsc1265156. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for glib-networking
This update for glib-networking fixes the following issue CVE-2026-10028: two certificates which are each signed by the other can lead to an infinite loop bsc1267979. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for python-paramiko
This update for python-paramiko fixes the following issues: CVE-2026-44405: data integrity compromise due to allowed SHA-1 algorithm use bsc1264225. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...
Security Bulletin: Multiple vulnerabilities in Python affects AIX/VIOS.
Summary Integer overflow and use after may cause memory corruption and denial of service. Vulnerability Details CVEID:CVE-2026-56403 DESCRIPTION: libexpat before 2.8.2 has an integer overflow in storeAtts. CWE:CWE-190: Integer Overflow or Wraparound CVSS Source: NVD CVSS Base score: 6.9 CVSS...
Security update for glibc
This update for glibc fixes the following issues CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-of-bounds write bsc1263656. CVE-2026-6238: insufficient RDATA length validation can lead to application crashes or uninitialized memory disclosure bsc1263658. Patch...