210 matches found
GHSA-6Q7J-XR26-3H2C Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)
Summary The ExpressionDepthLimit parser guard in Scriban does not actually stop parsing — it only logs a non-fatal error and lets recursive descent continue. As a result, a template containing a deeply nested expression parentheses, array initializers, object initializers, or unary operators driv...
CVE-2026-45840 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45840 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-45846 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45846 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-45835 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45835 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46098 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46098 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
Astra Linux – Vulnerability in Squid
Squid is a caching proxy for the Web. Due to a bug related to expired pointer references, Squid versions prior to 6.6 were vulnerable to a Denial of Service attack targeting error responses from the Cache Manager. This vulnerability allowed a trusted client to cause a Denial of Service attack by...
CVE-2026-25440 WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Essential Addons for Elementor 6.6.0 versions...
CVE-2024-38635 affecting package kernel for versions less than 6.6.139.1-1
CVE-2024-38635 affecting package kernel for versions less than 6.6.139.1-1. A patched version of the package is available...
EUVD-2026-30157
CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...
EUVD-2026-30156
CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2026-31721 affecting package kernel for versions less than 6.6.137.1-2
CVE-2026-31721 affecting package kernel for versions less than 6.6.137.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2026-43228 affecting package kernel for versions less than 6.6.137.1-2
CVE-2026-43228 affecting package kernel for versions less than 6.6.137.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2025-38531 affecting package kernel for versions less than 6.6.137.1-2
CVE-2025-38531 affecting package kernel for versions less than 6.6.137.1-2. A patched version of the package is available...
CVE-2026-31615 affecting package kernel for versions less than 6.6.137.1-1
CVE-2026-31615 affecting package kernel for versions less than 6.6.137.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-31416 affecting package kernel for versions less than 6.6.134.1-2
CVE-2026-31416 affecting package kernel for versions less than 6.6.134.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2026-31458 affecting package kernel for versions less than 6.6.134.1-2
CVE-2026-31458 affecting package kernel for versions less than 6.6.134.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2026-31430 affecting package kernel for versions less than 6.6.137.1-1
CVE-2026-31430 affecting package kernel for versions less than 6.6.137.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-31624 affecting package kernel for versions less than 6.6.137.1-1
CVE-2026-31624 affecting package kernel for versions less than 6.6.137.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-31444 affecting package kernel for versions less than 6.6.134.1-2
CVE-2026-31444 affecting package kernel for versions less than 6.6.134.1-2. An upgraded version of the package is available that resolves this issue...