
12 matches found

OSV
added 2026/05/20 11:48 a.m. · 5 views

BIT-GDAL-2026-8213 OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow

A vulnerability has been found in OSGeo gdal up to 3.13.0. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has be...

CVSS 5.5 · AI score 5.5 · EPSS 0.00258
Exploits 1 · References 9
UbuntuCve
added 2026/05/09 11:16 p.m. · 5 views

CVE-2026-8213

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

CVSS 5.5 · AI score 5.8 · EPSS 0.00258
Exploits 1 · References 9
SUSE CVE
added 2026/05/09 2:46 a.m. · 7 views

SUSE CVE-2026-8088

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...

CVSS 5.5 · AI score 5.3 · EPSS 0.00246
Exploits 1 · References 3
AlpineLinux
added 2026/01/05 11:30 p.m. · 4 views

CVE-2025-69228

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post method, ...

CVSS 8.7 · AI score 6.7 · EPSS 0.00347
Exploits 0
Vulnrichment
added 2025/12/09 2:14 p.m. · 2 views

CVE-2025-67558 WordPress Rencontre plugin <= 3.13.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS. This issue affects Rencontre: from n/a through <= 3.13.7...

CVSS 5.9 · AI score 5.6 · EPSS 0.00172
Exploits 0 · References 1
NVD
added 2025/11/21 1:15 p.m. · 3 views

CVE-2025-66060

Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0...

CVSS 5.3 · EPSS 0.00208
Exploits 0 · References 1
Positive Technologies
added 2025/11/11 12:0 a.m. · 2 views

PT-2025-46411

Name of the Vulnerable Software and Affected Versions: ACAT versions prior to 3.13 Description: A time-of-check time-of-use race condition exists in some ACAT versions prior to 3.13 within Ring 3: User Applications. This can lead to a denial of service. An unprivileged software adversary with an...

CVSS 4.4 · AI score 5.9 · EPSS 0.00069
Exploits 0 · References 3
Patchstack
added 2025/11/09 3:33 p.m. · 4 views

WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Seriously Simple Podcasting versions <= 3.13.0...

CVSS 5.3 · AI score 7 · EPSS 0.00208
Exploits 0 · Affected Software 1
CNNVD
added 2025/10/09 12:0 a.m. · 3 views

BigBlueButton security vulnerability

BigBlueButton is an open source web conferencing system from the BigBlueButton community. A security vulnerability exists in BigBlueButton versions prior to 3.0.13, which stems from mishandling of the Choices response type for the polling feature, which could lead to a denial of service attack...

CVSS 7.5 · AI score 6.5 · EPSS 0.0043
Exploits 1 · References 4
FreeBSD
added 2025/01/29 12:0 a.m. · 7 views

postorius -- XSS

NIST reports: Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

CVSS 7.2 · AI score 5.8 · EPSS 0.00237
Exploits 0 · References 1
Patchstack
added 2024/08/20 12:14 a.m. · 2 views

WordPress GiveWP plugin <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update vulnerability

Missing Authorization to Unauthenticated Event Settings Update vulnerability discovered by villu164 in WordPress Plugin GiveWP versions <= 3.13.0...

CVSS 6.5 · AI score 7 · EPSS 0.00466
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 1970/01/01 12:0 a.m. · 3 views

PT-2014-9107 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: openSUSE kernel versions prior to 3.13.6 Description: The issue is related to multiple vulnerabilities in the openSUSE operating system, specifically in various kernel packages. These vulnerabilities can lead to a violation of confidentiality...

CVSS 10 · AI score 8.2 · EPSS 0.10385
Exploits 34 · References 298