1028 matches found
PT-2026-40176
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
requests-hardened 代码问题漏洞
requests-hardened is a Python library developed by Saleor Commerce, aimed at enhancing the security of HTTP requests. requests-hardened has code vulnerabilities; these vulnerabilities stem from the lack of SSRF protection, which fails to prevent access to shared address spaces as defined in RFC...
Microsoft Windows Storage Spaces Controller 输入验证错误漏洞
Microsoft Windows Storage Spaces Controller is a necessary driver provided by Microsoft for storage space functions. There is an input validation vulnerability in Microsoft Windows Storage Spaces Controller. Attackers can exploit this vulnerability to gain elevated privileges. The following...
Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017651)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017651 advisory. A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LD...
Linux Distros Unpatched Vulnerability : CVE-2026-39823
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces...
EUVD-2026-28424
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...
CVE-2026-39823
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...
CVE-2026-39823
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...
CVE-2026-39823
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...
JLSEC-2026-194
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function SkipSpaces in the library assimp/include/assimp/ParsingUtils.h. The manipulation leads to out-of-bounds read. Local access is required to approach this...
PT-2026-38565
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description URLs are not correctly escaped within the content attribute of a tag. If the URL content contains ASCII whitespaces around the = rune, the escaper fails to proce...
PT-2026-34515
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...
Linux Distros Unpatched Vulnerability : CVE-2026-33691
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a...
CVE-2026-32076
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
CVE-2026-27907
Integer underflow wrap or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
EUVD-2026-22817
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...
CVE-2026-40104 XWiki's REST APIs can list all pages/spaces, leading to unavailability
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...
CVE-2026-40104
CVE-2026-40104 affects XWiki Platform. A resource exhaustion vulnerability exists in REST API endpoints (for example, /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties) that return metadata listing all pages without query lim...
CVE-2026-40104 XWiki's REST APIs can list all pages/spaces, leading to unavailability
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...
GHSA-MRQG-XMGM-RC5G XWiki's REST APIs can list all pages/spaces, leading to unavailability
Impact REST API endpoints like /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties list all available pages as part of the metadata for database list properties, which can exhaust available resources on large wikis. Patches Thi...