2116 matches found
Traefik - Open Redirect
Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-15129 info: name:...
Advance Post Prefix WordPress plugin - Reflected XSS
Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12734 info: name: Advance...
OpenEXR: OpenEXR: Information disclosure and denial of service via malformed EXR files
A flaw was found in OpenEXR. A remote attacker could exploit a vulnerability in the IDManifest::init function when processing specially crafted EXR files. The function attempts to reconstruct strings from a prefix-compressed representation. If a previous string exceeds 255 bytes, the subsequent...
EUVD-2026-43234
filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose ne...
CVE-2026-61454
The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...
CVE-2026-3367
The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and including, 2.11.0. This is due to insufficient input sanitization and output escaping. The registersetting call on line 197 lacks a sanitiz...
CVE-2026-3367
The CVE-2026-3367 entry concerns the WordPress plugin Lockme Calendars Integration (
CVE-2026-40007 Apache IoTDB: Unauthenticated unbounded recursion in IoTDB AirGap receiver's E-language prefix parser causes per-connection StackOverflowError
Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...
CVE-2026-59149
Mockoon before version 9.7.0 is affected by a path-traversal in the templated filePath. The vulnerability arises because getSafeFilePath checks resolvedPath.startsWith(staticBaseDir) without a path-separator boundary, allowing an unauthenticated client to craft a ../-escaped path that prefixes th...
CVE-2026-58214 NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...
CVE-2026-53951
Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...
CVE-2026-53951
CVE-2026-53951 affects Copier versions 9.5.0–9.15.1. The vulnerability stems from a trust-prefix bypass: the code compares a template URL against a trusted prefix with a raw startswith and no path normalization, while the URL is normalized later when fetching (local paths via Path.resolve; https ...
CVE-2026-53951 Copier: trust-prefix bypass via path traversal runs tasks unprompted
Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...
CVE-2026-24699
CVE-2026-24699 affects Cisco routers: RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5/1.2.2.8). The issue is an OS command injection in the sub_34984() function of the rc binary, caused by improper sanitization of the lan_ipv6_prefixlen configuration parameter. This could allow an a...
OESA-2026-2862 vim security update
Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...
CVE-2026-56015
Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...
EUVD-2026-41541
Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...
CVE-2026-56015
CVE-2026-56015 affects Net::IP::LPM v1.10 and earlier for Perl, enabling a heap out-of-bounds read when adding prefixes with unbounded lengths. The bug arises in addPrefixToTrie() which walks the prefix buffer by prefix_length bits without verifying it against the address width (4 bytes IPv4, 16 ...
CVE-2026-56015 Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length
Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...
PT-2026-55535
Name of the Vulnerable Software and Affected Versions Net::IP::LPM versions prior to 1.11 Description An issue exists where a heap out-of-bounds read can occur due to an unbounded prefix length. The add function passes a prefix string to the addPrefixToTrie function without verifying it against t...