4068 matches found
CVE-2026-33538
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server...
CVE-2026-33340
LoLLMs WEBUI (lollms-webui) contains a critical SSRF in the /api/proxy endpoint (POST) that allows unauthenticated attackers to force the server to perform arbitrary GET requests. Root cause: server-side request execution via an unauthenticated endpoint; impact includes access to internal service...
sqlic
SQLIC sca...
PT-2026-26937
CVE-2026-255769 CVE-2026-255769 / CVE-2026-255770 – Vulnerabilidades en ... https://t.co/TVMAosnrvC Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd...
GHSA-RJCW-VG7J-M9RC Syft improper temporary file cleanup
Impact Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those archives into temporary storage then inspect the unpacked contents. Under normal operation Syft will remove the...
OESA-2026-1689 OpenEXR security update
OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...
OESA-2026-1687 OpenEXR security update
OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...
OESA-2026-1685 OpenEXR security update
OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...
PT-2026-26768
Name of the Vulnerable Software and Affected Versions Syft versions prior to 1.42.3 Description Syft did not properly remove temporary files if temporary storage became full during a scan. This occurred when unpacking archives, specifically with large or highly compressed archives. The issue caus...
CVE-2026-32721
A flaw was found in LuCI, the OpenWrt Configuration Interface. A remote attacker can exploit a stored Cross-Site Scripting XSS vulnerability in the wireless scan modal by crafting a malicious Wi-Fi network name SSID. When a user opens the wireless scan modal, the unsanitized SSID is rendered as r...
CVE-2026-32721
LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...
CVE-2026-32721
LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...
CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal
LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...
EUVD-2026-13382
LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...
CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal
LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...
CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal
LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...
PT-2026-26450
Name of the Vulnerable Software and Affected Versions LuCI versions prior to 24.10.5 and 25.12.0 Description LuCI, the OpenWrt Configuration Interface, is affected by a stored Cross-Site Scripting XSS issue within the wireless scan modal. The system renders SSID values from scan results as raw HT...
SUSE-SU-2026:0906-1 Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...
ThreatLens-Scan
No d...
Zombie ZIP method can fool antivirus during the first scan
A researcher published “Zombie ZIP,” a simple way to change the first part header of a ZIP file so it falsely claims its contents are uncompressed while they are actually compressed. Many antivirus products trust that header and never properly decompress or inspect the real payload. In tests...