19537 matches found
CVE-2026-5713
A flaw was found in Python. A malicious Python process could exploit the "profiling.sampling" module and "asyncio introspection capabilities" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via...
Open Redirect
Overview @adonisjs/http-server is an AdonisJS HTTP server with support packed with Routing and Cookies Affected versions of this package are vulnerable to Open Redirect via the response.redirect.back function. An attacker can redirect users to malicious external sites by manipulating the Referer...
CVE-2026-32226
A flaw was found in .NET Framework. This vulnerability, a race condition, allows an unauthorized attacker to exploit improper synchronization when shared resources are concurrently executed. This can lead to a Denial of Service DoS over a network, making the affected system or application...
CVE-2025-69993
A flaw was found in Leaflet. This Cross-Site Scripting XSS vulnerability exists in the bindPopup method, which fails to sanitize user-supplied input. A remote attacker can exploit this by injecting malicious JavaScript code into map popups. When a victim views an affected map, the injected script...
CVE-2026-33948
A flaw was found in jq, a command-line JSON processor. This vulnerability allows a remote attacker to bypass input validation by crafting malicious JSON input containing embedded null NUL bytes. Due to incorrect handling of input buffer lengths, jq truncates the input at the first NUL byte,...
CVE-2026-4786
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
CVE-2026-6264
A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...
EUVD-2026-22134
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
EUVD-2026-22092
A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...
PT-2026-32611
Name of the Vulnerable Software and Affected Versions Sigstore Timestamp Authority versions prior to 2.0.6 Description An authorization bypass exists in the timestamp-authority/v2/pkg/verification package. The VerifyTimestampResponse function correctly verifies the certificate chain signature, bu...
PT-2026-33235
Name of the Vulnerable Software and Affected Versions @vendure/core versions prior to 2.3.4 @vendure/core versions 3.0.0 through 3.5.6 @vendure/core versions 3.6.0 through 3.6.1 Description An unauthenticated SQL injection exists in the Shop API and an authenticated SQL injection exists in the...
Linux Distros Unpatched Vulnerability : CVE-2026-4786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mitgation of CVE-2026-4519 was incomplete. If the URL contained %action the mitigation could be bypassed for certain browser types the webbrowser.open API could...
CVE-2026-40310
A flaw was found in ImageMagick. This vulnerability, a heap out-of-bounds write, occurs within the JPEG 2000 JP2 encoder when processing an image with an invalid sampling index. A remote attacker could exploit this by providing a specially crafted image, which may lead to a denial of service DoS ...
CVE-2026-40169
A flaw was found in ImageMagick. A remote attacker could exploit this vulnerability by providing a specially crafted image file. When ImageMagick processes this image to generate a YAML or JSON output, it can lead to an out-of-bounds heap write, causing the application to crash. This results in a...
DEBIAN-CVE-2026-4786
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
CVE-2026-4786
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
UBUNTU-CVE-2026-4786
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
CVE-2026-33899
A flaw was found in ImageMagick. When processing a specially crafted XML file, a remote attacker could exploit an out-of-bounds write vulnerability. This could lead to a denial of service, making the affected program unavailable. Mitigation Mitigation for this issue is either not available or the...
CVE-2026-33900
A flaw was found in ImageMagick, a software suite for editing and manipulating digital images. This vulnerability, an integer truncation/wraparound issue within the viff encoder on 32-bit builds, could lead to an out-of-bounds heap write. An attacker could exploit this by providing a specially...
CVE-2026-33901
A flaw was found in ImageMagick. A remote attacker could exploit a heap buffer overflow vulnerability in the MVG decoder by processing a specially crafted image file. This vulnerability allows for an out-of-bounds write, which could lead to a Denial of Service DoS for the affected system...