3400 matches found
CVE-2025-71352
The CVE-2025-71352 entry affects the Python-based tool picklescan (pre-0.0.29). The issue: picklescan fails to detect the built-in Python function trace.Trace.runctx when it is used inside pickle file reduce methods, enabling remote attackers to craft malicious pickle files that bypass detection ...
lodash: prototype pollution in _.unset and _.omit functions
A flaw was found in Lodash. A prototype pollution vulnerability in the .unset and .omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service...
CVE-2026-55956
Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
CVE-2026-55956
CVE-2026-55956 is an improper authorization vulnerability in Apache Tomcat. The issue causes the security constraints configured for the default servlet to ignore certain methods or method omissions, potentially bypassing intended access controls. Affected product ranges include Tomcat versions 1...
CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method
Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
CVE-2026-57341
Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...
CVE-2026-57341
The CVE-2026-57341 entry describes an Unauthenticated Insecure Direct Object References (IDOR) vulnerability in the Colissimo Officiel: Méthodes de livraison pour WooCommerce plugin for WordPress, affecting versions
EUVD-2026-40112
Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...
Github Enterprise Authenticated Remote Code Execution
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
EUVD-2026-39602
Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...
EUVD-2026-39448
Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...
CVE-2026-13222 Insufficient validation of payment status in pretix-oppwa
Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...
EUVD-2025-210327
picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...
CVE-2026-44957
A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...
EUVD-2026-38502
A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...
CVE-2025-71376
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...
EUVD-2025-210308
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...
CVE-2025-71376
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...
CVE-2026-54269
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...
CVE-2025-71348
picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils.configmodule.loadconfig function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply...