1128 matches found
CVE-2026-48723
BrowserStack Cypress CLI prior to 1.36.4 is vulnerable to OS command injection via the cypress_config_file parameter in readCypressConfigUtil.js (loadJsFile()), which builds a shell command by interpolating cypress_config_filepath into a template literal and runs it with child_process.execSync()....
CVE-2026-42013 affecting package gnutls for versions less than 3.8.13-1
CVE-2026-42013 affecting package gnutls for versions less than 3.8.13-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-5222 affecting package rust for versions less than 1.75.0-30
CVE-2026-5222 affecting package rust for versions less than 1.75.0-30. A patched version of the package is available...
CVE-2026-11822 affecting package sqlite for versions less than 3.44.0-4
CVE-2026-11822 affecting package sqlite for versions less than 3.44.0-4. A patched version of the package is available...
CVE-2026-10879 affecting package perl-DBI for versions less than 1.643-4
CVE-2026-10879 affecting package perl-DBI for versions less than 1.643-4. A patched version of the package is available...
CVE-2026-54057 Kitty vulnerable to command injection via unsanitized OSC 21 query reply
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...
CVE-2026-45170
Idira Vendor PAM - Self-Hosted Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17...
Nimiq 数据伪造问题漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 had a data manipulation vulnerability. This vulnerability stems from a logical flaw in the BlockInclusionProof::isblockproven function, causing it to return true without performing any...
Adobe CAI Content Credentials 路径遍历漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc. in the United States. It offers capabilities for authenticating digital content sources and tracking editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
CVE-2026-31266
Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...
CVE-2026-45338
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery SSRF vulnerability exists in processpictureurl in backend/openwebui/utils/oauth.py line 1338. The function fetches arbitrary URLs from OAuth picture...
CVE-2026-40226 affecting package systemd for versions less than 255-30
CVE-2026-40226 affecting package systemd for versions less than 255-30. A patched version of the package is available...
CVE-2026-33814 affecting package azurelinux-image-tools for versions less than 1.4.0-2
CVE-2026-33814 affecting package azurelinux-image-tools for versions less than 1.4.0-2. A patched version of the package is available...
CVE-2025-2137 affecting package nodejs for versions less than 24.14.1-3
CVE-2025-2137 affecting package nodejs for versions less than 24.14.1-3. An upgraded version of the package is available that resolves this issue...
CVE-2026-25657 Ericsson Packet Core Gateway (PCG) - Improper Handling of Syntactically Invalid Structure Vulnerability
Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure CWE-228 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the...
PT-2026-46958
Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.648 Description A heap overflow occurs when preparsing SQL statements containing more than 9 binders. The preparse function expands SQL placeholder characters into numbered binders using the format :pN, but it only...