48 matches found
CVE-2026-48945
The CVE describes a vulnerability in the K2 Joomla extension (getk2.com) where the article gallery upload path accepts a zip/tar archive and extracts it to /media/k2/galleries//. The extractor renames image files (gif/jpg/jpeg/png/webp) to safe names, but non-image files (including .php) are extr...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field, which will cause a crash in Redis when accessed in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19...
CVE-2026-27680
Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...
CVE-2026-32738
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX), mapping all samples to an empty...
CVE-2026-32738
libheif (versions
HPE Networking Instant On Access Points Security Vulnerability
HPE Networking Instant On Access Points is a wireless network access point from HPE America. A security vulnerability exists in HPE Networking Instant On Access Points that stems from the processing of specially crafted packets that may cause the device to be unresponsive, potentially triggering ...
EUVD-2006-4873
Malware in sbrugna...
EUVD-2006-0985
Malware in sbrugna...
EUVD-2025-2435
Malicious code in bioql PyPI...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not checking the starting location of empty przs in pstore/ram, which could cause a crash on future access...
CVE-2025-37102 Authenticated Command Injection Vulnerability In Instant On Command Line Interface
An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points. A successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary commands on the underlying operating system as a highly privilege...
xorg-x11-server: SELinux unlabeled GLX PBuffer
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource as with a GetGeometry or when it creates another resource that needs to access that buffer, such as...
PT-2024-19671 · WordPress · Avada
Name of the Vulnerable Software and Affected Versions: Avada theme for WordPress versions up to, and including, 7.11.6. Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-supplied attribute...
SUSE: Security Advisory (SUSE-SU-2018:3436-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
wonderwork.org Improper Access Control vulnerability OBB-1257231
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
McAfee VirusScan Enterprise Privilege Permission and Access Control Issues Vulnerability
McAfee VirusScan Enterprise (VSE) is a suite of antivirus software from the American company McAfee. The software provides a full range of security protection, scans memory for malicious code and optimizes updates for remote systems. A vulnerability exists in the Microsoft Windows client McTray.exe...
CVE-2019-3588
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked...
CVE-2019-3585
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges...