12129 matches found
CVE-2026-13082
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...
NocoBase - SQL Injection
NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...
MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting
paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...
Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)
Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page, exploit requires victim to visit ...
GTranslate < 2.8.65 - Cross-Site Scripting
In the Pro and Enterprise versions of GTranslate 2.8.65, the gtranslaterequesturivar function runs at the top of all pages and echoes out the contents of $SERVER'REQUESTURI'. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable ...
CVE-2026-62205
OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a missing-authorization vulnerability in the MS Teams message actions feature. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path can perform actions that should have required a stronger...
Langflow < 1.9.0 - Remote Code Execution
Langflow versions prior to 1.9.0 are vulnerable to unauthenticated remote code execution RCE via the buildpublictmp endpoint. Attackers can submit a manipulated flow JSON containing Python code that is executed during the build process without proper sandboxing. id: CVE-2026-33017 info: name:...
UBUNTU-CVE-2026-61863
ImageMagick before 7.1.2-26 and 6.x before 6.9.13-51 contains a memo...
EUVD-2026-44796
CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server...
MantisBT: SOAP API Authentication Bypass with Privilege Escalation to Administrator
MantisBT 2.28.3 and earlier contains a critical authentication bypass in the SOAP API's mcichecklogin function. Any user knowing any valid cookiestring can authenticate as any other user knowing their username, including the administrator, without knowing the target's password. The vulnerability ...
EUVD-2026-44620
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memory not to be released, which can lead to increased memory consumption...
CVE-2026-61864 ImageMagick before 7.1.2-26 Memory Leak in Log Colorspace
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released...
PT-2026-60234
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.4.1 Splunk Enterprise versions prior to 10.2.5 Splunk Enterprise versions prior to 10.0.8 Splunk Enterprise versions prior to 9.4.13 Splunk Enterprise versions prior to 9.3.14 Splunk Cloud Platform versio...
CVE-2026-45305
Summary of CVE-2026-45305 (Symfony YAML Parser ReDoS) Symfony’s YAML handling (Symfony\Component\Yaml\Parser::cleanup) can hang parsing crafted input due to the use of overlapping quantifiers in regular expressions for YAML directive, comment, and document marker cleanup. This is a client-side pa...
CVE-2026-60081
The provided data indicate a memory‑consumption risk in DBI::ProfileData prior to version 1.651 for Perl. The issue arises from an unbounded path index in profile dump files, which can be used to allocate an excessively large array and exhaust memory. Affected component: DBI::ProfileData (Perl). ...
CVE-2026-58319
Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...
Adobe Audition < 25.6.6 / 26.0 < 26.3 Multiple Vulnerabilities (APSB26-71) (macOS)
The version of Adobe Audition installed on the remote macOS host is prior to 25.6.6, 26.3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-71 advisory. - Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution i...
Adobe Creative Cloud < 6.10.0.252.3 Multiple Privilege escalation (APSB26-77)
The version of Adobe Creative Cloud installed on the remote Windows host is prior to 6.10.0.252.3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-77 advisory. - Creative Cloud Desktop is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerabilit...
Adobe Media Encoder < 25.6.6 / 26.0.0 < 26.3.0 Multiple Vulnerabilities (APSB26-72)
The version of Adobe Media Encoder installed on the remote Windows host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-72 advisory. - Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary co...
Adobe Media Encoder < 25.6.6 / 26.0.0 < 26.3.0 Multiple Vulnerabilities (APSB26-72) (macOS)
The version of Adobe Media Encoder installed on the remote macOS host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-72 advisory. - Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code...