18867 matches found
CVE-2026-34167
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's Locked attribute. It loads activities via Activity::find$this-activityId wit...
CVE-2025-59616
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...
CVE-2025-59615
Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization...
CVE-2025-59617
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the handlemessage process. An attacker can execute arbitrary tool handlers by...
CVE-2025-59616
CVE-2025-59616 is a memory corruption (use-after-free) flaw triggered when processing multiple IOCTL calls using the same buffer file descriptor input, due to accessing already freed memory. According to NVD, the CVSSv3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 7.8 (HIG...
CVE-2025-59616 Use After Free in Computer Vision
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...
CVE-2025-59615
Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization...
CVE-2025-59615
Technical details are not publicly available in the provided documents. Monitor for updates.
EUVD-2026-25019
id: pretty-print uses effective GID instead of effective UID for name lookup...
OESA-2026-2874 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classifie...
OESA-2026-2872 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classifie...
CVE-2026-11855
CVE-2026-11855 affects the Simple Membership WordPress plugin prior to 4.7.5. The issue arises because Stripe webhook requests are not authenticated when no signing secret is configured, and a value taken from those requests is not escaped before being output in an administrator notice. This lead...
CVE-2026-11766
The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...
PT-2026-55985
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when invoking device input/output control operations for mapping and unmapping persistent memory buffers. This issue is caused by improp...
PT-2026-56053
Name of the Vulnerable Software and Affected Versions @xhmikosr/decompress versions prior to 10.2.1 @xhmikosr/decompress versions prior to 11.1.3 decompress versions prior to 4.3.0 Description When extracting archives to a directory, a crafted archive can read or write files outside that director...
RLSA-2026:30860 Important: perl-IO-Compress security update
This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...
ROOT-OS-DEBIAN-11-CVE-2024-42230 CVE-2024-42230 in rootio-linux - Patched by Root
Root has patched CVE-2024-42230 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
EUVD-2026-41674
A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...
CVE-2026-9148
The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, 7.6.56 This is due to insufficient output escaping in the getCommentAuthor function, which interpolates the stored commentauthorurl...