607 matches found
PYSEC-2026-1835 pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if parsecontentstream is executed. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...
CVE-2026-54839
The CVE concerns the WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin, affected
CVE-2026-54839 WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: The migrate type of all pageblocks during coalescence needs to be changed. When a page is freed, it coalesces with a buddy page into a higher-order page whenever possible. When the migrate type of the buddy page...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: migrate: corrected lock ordering for hugetlb file folio operations Syzbot has identified a deadlock analyzed by Lance Yang: 1 Task 5749: Holds foliolock, then attempts to acquire immaprwsem read lock. 2 Task 5754: Holds...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpmigratereq. When reading sysctltcpmigratereq, it can be changed concurrently. Therefore, we need to add READONCE to its readers...
CVE-2026-48591
Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...
CVE-2026-48591 Stored XSS via unescaped HTML attribute values in earmark
Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...
CVE-2026-49043
Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...
CVE-2026-49043
The CVE-2026-49043 entry concerns the WordPress WP Migrate Lite plugin, versions <= 2.7.8, with an unauthenticated Cross Site Request Forgery (CSRF) vulnerability. According to the connected data, the issue is attributed to CSRF within WP Migrate Lite (
EUVD-2026-36867
Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...
CVE-2026-49043 WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...
CVE-2026-49043 WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...
PT-2026-49497
Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...
WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP Migrate Lite versions = 2.7.8...
proc-macro-error2 is unmaintained
The author of proc-macro-error2 has confirmed that the crate is no longer maintained and recommends that users migrate away from it. proc-macro-error2 was originally created as a maintained fork of proc-macro-error see RUSTSEC-2024-0370. Both the original crate and this fork are now unmaintained...
CVE-2026-31266
Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...
📄 Craft CMS 5.9.5 Missing Authorization / Denial of Service
Craft CMS versions 5.9.5 and below suffer from a missing authorization vulnerability that can trigger an unwanted migration. CVE-2026-31266 - Craft CMS Missing Authorization CVE Information | Field | Value | |-------|-------| | CVE ID | CVE-2026-31266 | | Vendor | Pixel & Tonic | | Product | Craf...
`pqcrypto` is unmaintained: upstream PQClean project being archived
The pqcrypto crate and the entire pqcrypto- ecosystem wrap C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches, algorithm updates, or bug fixes will be applied to the upstream implementations. ...