📄 Flask-Uploads 0.2.1 Path Traversal / Arbitrary File Write

Flask-Uploads versions 0.2.1 and below Metasploit module that exploits a path traversal vulnerability to achieve an arbitrary file write. ============================================================================================================================================= | Title :...

PT-2026-5835

VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send say method, causing the server to become...

PT-2026-6305

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2025.81 Description FacturaScripts, an open-source enterprise resource planning and accounting software, contains a critical SQL injection issue in its REST API. Authenticated API users can execute arbitrary SQ...

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability stems from the...

SunnySideSoft VirtualTablet Server 安全漏洞

SunnySideSoft VirtualTablet Server is a drawing board software developed by SunnySideSoft Corporation. Version 3.0.2 of SunnySideSoft VirtualTablet Server contains a security vulnerability. This vulnerability arises from a denial-of-service vulnerability in the sendsay method when sendinglong...

Ubuntu 25.10 : CRaC JDK 21 vulnerabilities (USN-8003-1)

The remote Ubuntu 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8003-1 advisory. It was discovered that the RMI component of CRaC JDK 21 would establish RMI TCP endpoint connections to a remote host without setting an endpoint...

USN-8003-1: CRaC JDK 21 vulnerabilities

It was discovered that the RMI component of CRaC JDK 21 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

USN-8003-1 openjdk-21-crac vulnerabilities

It was discovered that the RMI component of CRaC JDK 21 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

USN-8002-1 openjdk-21 vulnerabilities

It was discovered that the RMI component of OpenJDK 21 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

USN-8002-1: OpenJDK 21 vulnerabilities

It was discovered that the RMI component of OpenJDK 21 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

CVE-2026-24133

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in...

USN-8000-1: OpenJDK 8 vulnerabilities

It was discovered that the RMI component of OpenJDK 8 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

Cross-site Scripting (XSS)

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name field in the shipping methods section of store management. An attacker can execute arbitrary JavaScript in an administrator's browser by submitting a crafted...

CVE-2026-24133

The CVE-2026-24133 issue affects jsPDF (prior to 4.1.0) where user control of the first addImage argument allows denial of service when processing unvalidated BMP data or URLs, including via the html method. Harmful BMP headers with large width/height trigger excessive memory allocations, leading...

CVE-2026-24133 jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in...

CVE-2026-24133

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in...

CVE-2026-24133 jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in...

openjdk: Improve JMX connections (Oracle CPU 2026-01)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and...

GHSA-95FX-JJR5-F39C jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

Impact User control of the first argument of the addImage method results in Denial of Service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP file...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage and html methods when processing BMP image data with unvalidated dimensions. An attacker can cause excessive memory allocation and application unavailability by...