522 matches found
CVE-2026-43977
Summary (CVE-2026-43977) : In wger, versions prior to 2.6 expose an IDOR: any authenticated user can read another user’s private workout data via /logs/ and /stats/ on a routine, because RoutinePermission incorrectly treats is_template=True as readable and RoutineViewSet actions return the owner’...
Malicious code in hehehe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 588dd776720f805d7d84a58c93ffcd21ed860e3fc21a48787d732eb6180b974d Package is published as an 'enterprise Windows Diagnostic Utility' but is an anti-proctoring cheating tool that also steals the installer's browser...
CVE-2026-40553
CVE-2026-40553 affects GNU awk (gawk); a buffer/stack-based overflow in the extension/readdir.c ftype() routine can crash the process and, per the CVE description, potentially enable code execution, though this has not been confirmed. Vulnerable as of version 5.4.0 and earlier. No remediation det...
EUVD-2026-43495
Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk ftype routine. This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below...
EUVD-2026-43494
Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...
CVE-2026-40469
In the provided documents, CVE-2026-40469 affects gawk, specifically 32-bit builds in versions 5.4.0 and earlier. The root cause is an integer overflow in the do_sub (subroutine) path within builtin.c, which could allow overwriting heap metadata and related objects, potentially causing the progra...
CVE-2026-12277 Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Deletion via Saved File Metadata Path Traversal
The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...
mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check
A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...
mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check
A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...
mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check
A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...
mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check
A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...
CVE-2026-53291
CVE-2026-53291 affects the Linux kernel ALSA hda/conexant driver. The root cause is the ignored return value from snd_hda_jack_detect_enable_callback() in cx_probe(); if the call fails, an error pointer is returned and not checked, potentially leading to a crash when jack events are handled. The ...
UBUNTU-CVE-2026-6678
Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...
CVE-2026-44169
A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the NestedParamsEncoder module through the dehash routine. An attacker can cause the application to crash and exhaust system resources by submitting a deeply nested query string that triggers uncontrolled...
BIT-MYSQL-CLIENT-2026-44169 MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...
BIT-MARIADB-MIN-2026-44169 MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...
BIT-MARIADB-2026-44169 MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...
CVE-2026-44169
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...
ALPINE-CVE-2026-44169
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...