241499 matches found
GHSA-R95X-QFJJ-FJJ2 vulnerabilities
Vulnerabilities for packages: airflow...
CVE-2026-44681 vulnerabilities
Vulnerabilities for packages: airflow...
WPS Office improper access restriction to its named pipe
Overview WPS Office provided by WPS SOFTWARE PTE. LTD. contains a service program running background and providing certain functionalities to the other programs. This service program uses a named pipe to communicate with the other programs. The named pipe above is not properly protected and any...
CVE-2026-6832
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...
CVE-2026-28913
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...
GHSA-38C5-483C-4QQP vulnerabilities
Vulnerabilities for packages: zed...
EUVD-2026-30180
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials...
PT-2026-40926
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description A stack buffer overflow in the "refint" module allows an...
PT-2026-41072
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description An out of bounds read in FileSystem allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is convinced to perform...
PT-2026-41010
Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....
PT-2026-40951
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...
PT-2026-41009
Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...
Gotenberg 安全漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained security vulnerabilities. These vulnerabilities stemmed from timing issues in the DNS parsing of...
Vvveb 跨站脚本漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 had a cross-site scripting vulnerability. This vulnerability stemmed from the Signup::addUser controller in the customer registratio...
Palo Alto GlobalProtect App 6.0.x < 6.0.13 / 6.2.x < 6.2.8-h10 / 6.3.x < 6.3.3-h9 Multiple Vulnerabilities
The version of Palo Alto GlobalProtect App installed on the remote host is 6.0.x prior to 6.0.13, 6.2.x prior to 6.2.8-h10, or 6.3.x prior to 6.3.3-h9. It is, therefore, affected by multiple vulnerabilities: - A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that...
Strapi 路径遍历漏洞
Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi from 4.0.0 to 5.37.0 had a path traversal vulnerability. This vulnerability stemmed from insufficient cleanup of query parameters when filtering content using relationship fields...
PostgreSQL SQL注入漏洞
PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, 16.14, 15.18, and...
Low: microcode_ctl
Issue Overview: Improper handling of values in the microcode flow for some IntelR Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the possibility of exposing sensitive details related to backend infrastructure. This could lead to the disclosure of internal system architecture or...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the exposure of directory list information...