1529 matches found
CVE-2026-9015
The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...
PT-2026-44220
The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...
Astra Linux - уязвимость в python-tornado
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the provided “reason” phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML on the default error page where it could be used for XSS attacks. This...
GHSA-58QX-3VCG-4XPX ws: Uninitialized memory disclosure
Impact The websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. Proof of concept js import deepStrictEqual from 'node:assert'; import WebSocket, WebSocketServer from 'ws'; const wss = new WebSocketServer port: 0,...
ws: Uninitialized memory disclosure
Impact The websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. Proof of concept js import deepStrictEqual from 'node:assert'; import WebSocket, WebSocketServer from 'ws'; const wss = new WebSocketServer port: 0,...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021475)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021475 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers wher...
CVE-2026-45736
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...
CVE-2026-45736
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...
UBUNTU-CVE-2026-45736
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...
CVE-2026-45736 ws: Uninitialized memory disclosure
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...
CVE-2026-45736
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...
ws 安全漏洞
WS is a Node.js WebSocket library open source under WebSockets. Versions of WS prior to 8.20.1 contained a security vulnerability, which stemmed from an initialization memory leak when TypedArray was used as a reason parameter in the websocket.close implementation...
CVE-2026-44597
A flaw was found in Tor. A remote attacker can exploit an out-of-bounds read vulnerability when an END, TRUNCATE, or TRUNCATED cell lacks a reason in its payload. This can lead to a denial of service, making the Tor service unavailable...
Use of Uninitialized Resource
Overview ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Use of Uninitialized Resource in the websocket.close implementation in the Sender class, which exposes uninitialized memory when a TypedArray is provided as the...
Use of Uninitialized Resource
Overview org.webjars.npm:ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Use of Uninitialized Resource in the websocket.close implementation in the Sender class, which exposes uninitialized memory when a TypedArray is...
CVE-2026-44597
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011...
DEBIAN-CVE-2026-44597
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011...
CVE-2026-44597
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011...
CVE-2026-44597
CVE-2026-44597 affects Tor before 0.4.9.7. The issue is an out-of-bounds read when END, TRUNCATE, or a TRUNCATED cell lacks a reason in its payload (TROVE-2026-011). Impact as per sources includes high confidentiality and availability risks (CVSS). Exploitation details are not provided in the doc...
CVE-2026-44597
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011...