811 matches found
WordPress Mixed Media Gallery Blocks plugin <= 3.2.4.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin SimpLy Gallery versions = 3.2.4.4...
Incorrect Authorization
Overview @clerk/nextjs is a Clerk SDK for NextJS Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single auth.protect or has call...
Incorrect Authorization
Overview @clerk/shared is an Internal package utils used by the Clerk SDKs Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via improper handling of proxy authentication during redirects when distinct proxies are configured for different URL schemes. An attacker can obtain sensitive proxy credentials by intercepting traff...
OESA-2026-2043 openssl security update
Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...
OESA-2026-2042 openssl security update
Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...
GHSA-V638-38FC-RHFV AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache
Summary AWS Encryption SDK ESDK for Python is a client-side encryption library. An issue exists where, under certain circumstances, a specific cryptographic algorithm downgrade in the caching layer might allow an authenticated local threat actor to bypass key commitment policy enforcement via a...
EUVD-2026-25368
Kirby is an open-source content management system. Kirby's Xml::value method has special handling for blocks. If the input value is already valid CDATA, it is not escaped a second time but allowed to pass through. However, prior to versions 4.9.0 and 5.4.0, it was possible to trick this check int...
SUSE CVE-2026-31484
In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: fix OOB read in SQEMIXED wrap check iouringshowfdinfo iterates over pending SQEs and, for 128-byte SQEs on an IORINGSETUPSQEMIXED ring, needs to detect when the second half of the SQE would be past the end of the...
CVE-2026-31484
A flaw was found in the Linux kernel. A local user could potentially exploit an out-of-bounds read vulnerability in the iouring/fdinfo component, specifically within the iouringshowfdinfo function. This issue arises from an incorrect wrap check when processing 128-byte Submission Queue Entries SQ...
EUVD-2026-24847
In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: fix OOB read in SQEMIXED wrap check iouringshowfdinfo iterates over pending SQEs and, for 128-byte SQEs on an IORINGSETUPSQEMIXED ring, needs to detect when the second half of the SQE would be past the end of the...
CVE-2026-31484
In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: fix OOB read in SQEMIXED wrap check iouringshowfdinfo iterates over pending SQEs and, for 128-byte SQEs on an IORINGSETUPSQEMIXED ring, needs to detect when the second half of the SQE would be past the end of the...
CVE-2026-31484 io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check
In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: fix OOB read in SQEMIXED wrap check iouringshowfdinfo iterates over pending SQEs and, for 128-byte SQEs on an IORINGSETUPSQEMIXED ring, needs to detect when the second half of the SQE would be past the end of the...
PT-2026-34389
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the io uring show fdinfo function. The issue occurs during the iteration over pending submission queue entries SQEs on an IORING SETUP SQE MIXED ring. Whe...
openSUSE 16 Security Update : Botan (openSUSE-SU-2026:20566-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20566-1 advisory. This update for Botan fixes the following issue: - CVE-2026-32884: Certificate validation bypass due to mixed-case Common Name in X.509 certificates...
CVE-2026-3219
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...
OPENSUSE-SU-2026:20566-1 Security update for Botan
This update for Botan fixes the following issue: - CVE-2026-32884: Certificate validation bypass due to mixed-case Common Name in X.509 certificates bsc1261993...
GNU C Library 安全漏洞
The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions of the GNU C Library 2.43 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of the ungetwc function on character sets with...
PT-2026-33365
Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causin...
GHSA-4P64-V8F5-R2GX Multiple security fixes in justhtml
Summary justhtml 1.16.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected one of these advanced paths rather than ordinary parsed HTML with the default safe settings: - programmatic DOM input to sanitize or sanitizedom -...