28549 matches found
CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent
Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service DoS condition or potentially execute arbitrary code by sending specially crafted...
CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent
Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service DoS condition or potentially execute arbitrary code by sending specially crafted...
CVE-2026-59936 pypdf: Possible infinite loop for not terminated inline images
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in...
CVE-2026-59936
Technical details about CVE-2026-59936 are not publicly available in the provided documents. Monitor for updates from official advisories to learn affected versions, impact, and fixes.
EUVD-2026-42225
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webbeyaz Web Design Mediküm Web allows Stored XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...
CVE-2026-8315 Stored XSS in Webbeyaz's Mediküm Web
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webbeyaz Web Design Mediküm Web allows Stored XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...
CVE-2026-8310
Mediküm Web (Webbeyaz Web Design) is affected by CVE-2026-8310, a Reflected XSS caused by improper neutralization of input during web page generation. Affected through 08/07/2026; vendor noted as not supported. The connected documents consistently describe the issue without detailing specific vul...
EUVD-2026-42223
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Webbeyaz Web Design Mediküm Web allows SQL Injection. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...
CVE-2026-8307
SQL injection in Webbeyaz Web Design Mediküm Web (Mediküm Web) due to improper neutralization of special elements in SQL commands. Affected through 08072026; vendor state: product not supported. CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base 9.8). No remediation details provided in th...
CVE-2026-8307 SQLi in Webbeyaz's Mediküm Web
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Webbeyaz Web Design Mediküm Web allows SQL Injection. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...
CVE-2026-6280 Improper Access Control in Nomysoft Informatics' Nomysem
Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...
Malicious code in na-rony-test-karem (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd6a8602ce62a88124613cbe7eb85e19a1ae122a0ee98c71676fe4969359888f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the scp process. An attacker can cause files to be placed outside the intended directory by crafting a copy operation between two remote destinations. Remediation A fix was pushed into the master branch but n...
PT-2026-56412
Name of the Vulnerable Software and Affected Versions Mediküm Web versions through 08072026 Description Improper neutralization of input during web page generation allows for Stored Cross-Site Scripting XSS, a condition where malicious scripts are permanently stored on the target server and serve...
PT-2026-56448
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.61 n8n versions prior to 2.27.4 n8n versions 2.28.0 through 2.28.0 Description A SQL injection issue exists in the legacy MySQL v1 node during the executeQuery operation. The system substitutes evaluated...
PT-2026-57874
Name of the Vulnerable Software and Affected Versions Ollama affected versions not specified Description A flaw in the downloadBlob function allows remote, unauthenticated attackers to cause a denial-of-service condition. The issue stems from improper validation of user-supplied data, leading to ...
PT-2026-56914
Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description A server-side request forgery SSRF issue in the management web interface allows an authenticated administrator with network access to perform unauthorized requests from the firewall to interna...
MAL-2026-6932 Malicious code in evm-typechain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a78b4d04410e295cbe340c95e6800a0777717d46ce136f0c30b5593d1bd9738 On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK, passes the returned JSON cookie field to new Function'require',..., a...
Malicious code in notifier-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5846e3c26fdded8225d54ec017b01be255353470c39a780bbd9b556c059120 The package presents itself as a pino-compatible logger README, keywords, and a module.exports.pino alias mirror the pino identity, and lib/ replicat...
PYSEC-2026-1962 TensorFlow has segfault in array_ops.upper_bound
Impact arrayops.upperbound causes a segfault when not given a rank 2 tensor. Patches We have patched the issue in GitHub commit 915884fdf5df34aaedd00fc6ace33a2cfdefa586. The fix will be included in TensorFlow 2.13. We will also cherrypick this commit in TensorFlow 2.12.1. For more information...