5765 matches found
Jellyfin <10.7.0 - Local File Inclusion
Jellyfin before 10.7.0 is vulnerable to local file inclusion. This issue is more prevalent when Windows is used as the host OS. Servers exposed to public Internet are potentially at risk. id: CVE-2021-21402 info: name: Jellyfin 10.7.0 - Local File Inclusion author: dwisiswant0 severity: medium...
White Star Software ProTop - Directory Traversal
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences. id: CVE-2025-44177 info: name:...
CKAN DataStore SQL Search - SQL Injection
CKAN, an open-source data management system used for powering open data portals, contains an unauthenticated SQL injection vulnerability in the datastoresearchsql API endpoint. id: CVE-2026-42031 info: name: CKAN DataStore SQL Search - SQL Injection author: theamanrawat severity: high description...
Nextjs <2.4.1 - Local File Inclusion
ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /next and /static request namespace, allowing attackers to obtain sensitive information. id: CVE-2017-16877 info: name: Nextjs 2.4.1 - Local File Inclusion author: pikpikcu severity: high description: ZEIT Next.js before 2.4...
UBUNTU-CVE-2026-42616
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in cat in cat.c that allows an attacker to corrupt heap memory in the ntfscat binary by crafting a malicious NTFS image. The overflow is triggered by reading a file...
SUSE-SU-2026:2955-1 Security update for the Linux Kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.269 fixes various security issues The following security issues were fixed: - CVE-2026-31685: netfilter: ip6teui64: reject invalid MAC header for all packets bsc1263670. - CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on...
CVE-2024-7708
For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak...
EUVD-2024-55651
For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak...
EUVD-2026-43274
The MBStorage DRAM lighting control module within Gigabyte Control Center GCC developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send specific IOCTL commands through the driver MyPortIOx64.sys bundled with the module, thereby arbitrari...
CVE-2026-57961 phpMyFAQ - Authenticated Path Traversal in PDF Export via concatenatePaths Function
phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges can store HTML containing crafted image paths that are processed during PDF generation. The path...
EUVD-2026-42891
phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges can store HTML containing crafted image paths that are processed during PDF generation. The path...
CVE-2026-57961 phpMyFAQ - Authenticated Path Traversal in PDF Export via concatenatePaths Function
phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges can store HTML containing crafted image paths that are processed during PDF generation. The path...
CVE-2026-11875
Affected software: WP Support Plus Responsive Ticket System WordPress plugin (up to version 9.1.2). Issue: guest-session cookies are neither signed nor verified, enabling unauthenticated attackers to forge a cookie and impersonate another ticket owner (identified by email) to read, reply to, and ...
CVE-2026-54528
Summary of vulnerability (CVE-2026-54528): The jupyterlab-git extension for JupyterLab is affected prior to version 0.54.0. On case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), the code path that enforces excluded_paths uses fnmatch.fnmatchcase(), which is case-sensitive and can be b...
EUVD-2026-42377
Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...
CVE-2026-58266
Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...
CVE-2026-53511
Calibre vulnerability CVE-2026-53511 affects the calibre e-book manager prior to version 9.10.0. A malicious EPUB/OPF/PDF can trigger arbitrary Python code execution when metadata is read by calibre (e.g., via Add books or Edit books) by embedding a python: template in calibre:user_metadata; the ...
CVE-2026-53511 calibre: Arbitrary Code Execution in Template Formatter via Book Metadata
calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...
CVE-2026-55380 Pillow GdImageFile decompression bomb protection bypass
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...
CVE-2026-59509
An unauthenticated improper input validation vulnerability in the POST /fetchcvedata endpoint in cve-search. A remote attacker can manipulate request parameters controlling the MongoDB collection, projected fields, and regular-expression filters to read arbitrary application MongoDB collections...