1272 matches found
Chuanhu Chat - Directory Traversal
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...
CVE-2026-15497 SonicCloudOrg sonic-agent JWT Authentication Filter ExchangeController.java code injection
A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code...
CVE-2026-15485
TRENDnet TEW-821DAP 1.11B03 contains a flaw in the DNS Lookup Handler (function sub_43F2C4 in /goform/tools_nslookup) that allows os command injection via manipulation of nslookup_target/dns_server. The vulnerability can be triggered remotely. The vendor notes these items are EOL; no current conf...
CVE-2026-8800
CVE-2026-8800 concerns an Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). Affected software is MOVEit Transfer; impact involves unauthorized access across confidentiality, integrity, and availability (CVSS v3.1 base score 8.8, HIGH). Affected versions are MO...
CVE-2026-57243
During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...
WordPress picu plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by xwii in WordPress Plugin picu versions = 3.5.1...
EUVD-2026-42180
The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...
CVE-2026-57241
The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...
PT-2026-56340
Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description An issue occurs when the application opens a PDF and JavaScript performs operations on the page and document. This causes page-related objects to lose synchronization, while t...
CVE-2026-21369
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...
EUVD-2026-41927
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...
CVE-2026-21369
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...
PT-2026-55989
Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto affected versions not specified Description Memory corruption occurs when handling flash commands. This issue is caused by the use of outdated LED count values following modifications made in userspace. Recommendations...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-40895)
Summary IBM Security SOAR uses an older version of the follow-redirects component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.1 Vulnerability Details CVEID:CVE-2026-40895...
Linux Distros Unpatched Vulnerability : CVE-2026-13957
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect security UI in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to inject...
CVE-2026-53018
A flaw was found in the Linux kernel's f2fs filesystem. During garbage collection, a race condition can occur when a page is moved and updated, but the system attempts to read it again from an outdated location. This can trigger a kernel bug, leading to a system crash and a denial of service DoS....
Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-130 (ALASDOCKER-2026-130)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-130 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsi...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-107 (ALASKERNEL-5.15-2026-107)
The version of kernel installed on the remote host is prior to 5.15.209-147.245. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-107 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch...
PT-2026-51130
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A stored cross-site scripting issue exists due to the use of an outdated notebookjs library. While .ipynb previews are sanitized on the server side via the '/-/api/sanitize ipynb' endpoint,...
CVE-2026-48613
Affects phpBB forums that were upgraded from versions prior to 3.3.8 and have not been updated to 3.3.11 or newer. The issue lies in the profile field migration process where user-supplied profile field data is not properly sanitized, allowing an SQL injection. The vulnerability enables execution...