CVE-2026-10291
CVE-2026-10291 affects Enderfga claw-orchestrator (up to 3.7.0). The vulnerability lies in the function validateRegex in claw-orchestrator/src/embedded-server.ts of the Session Grep Endpoint, where manipulating the argument body.pattern leads to inefficient regular expression complexity. Remote ...
CVE-2026-10194
A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched...
CVE-2026-49059 WordPress Facebook for WooCommerce plugin <= 3.7.0 - Open Redirection vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0...
CVE-2026-45148 SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...
OFFIS DCMTK OS Command Injection Vulnerability
OFFIS DCMTK is a collection of libraries and applications developed by the German company OFFIS that implement most DICOM standards. It includes software for checking, processing, and converting DICOM image files, handling offline media, sending and receiving images via network connections, as we...
CVE-2026-25516 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
NiceGUI is a Python-based UI framework. The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled conten...
CVE-2025-14841 OFFIS DCMTK dcmqrscp dcmqrdbi.cc startMoveRequest null pointer dereference
A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null...
Ash Framework Security Vulnerability
Ash Framework is an open source framework for building Elixir applications. A security vulnerability exists in Ash Framework version 3.6.3 through versions prior to 3.7.1, which stems from improper authorization and could lead to authentication bypass...
CVE-2025-53196
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data. This issue affects JetEngine: from n/a through = 3.7.0...
CVE-2023-27444
Cross-Site Request Forgery CSRF vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin = 3.7.0 versions...
CVE-2022-33708
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege...
Snowflake ODBC Driver Security Vulnerability
Snowflake ODBC Driver is a powerful tool from Snowflake to connect to a live Snowflake data warehouse directly from any application that supports ODBC connectivity. A security vulnerability exists in Snowflake ODBC Driver versions prior to 3.7.0, which stems from logging sensitive information and...
CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
Zephyr Security Vulnerability
Zephyr is an extensible real-time operating system RTOS that is open-sourced by Zephyr. A security vulnerability exists in Zephyr version 3.7.0 and prior versions, which stems from a gp reg pointing to the 0x800 byte at the beginning of the .sdata section when Global Pointer GP Relative Addressin...
PT-2024-37967 · WordPress · Dynamic Featured Image
Name of the Vulnerable Software and Affected Versions: Dynamic Featured Image plugin for WordPress versions up to, and including, 3.7.0 Description: The issue is related to Stored Cross-Site Scripting via the dfiFeatured parameter due to insufficient input sanitization and output escaping. This...
D-Tale Security Breach
Man Group D-Tale is a pandas data structure visualization tool from Man Group. A security vulnerability exists in D-Tale versions prior to 3.7.0 that could allow remote code execution, letting an attacker run malicious code on the server...
CVE-2023-36088
Server Side Request Forgery SSRF vulnerability in NebulaGraph Studio version 3.7.0 allows remote attackers to gain sensitive information...
Eclipse Californium Security Vulnerability
Eclipse Californium is a Java-based codebase from the Eclipse Foundation that provides Coap backend support for the Internet of Things. A security vulnerability exists in Eclipse Californium versions prior to 3.7.0 and 2.7.4, which stems from a handshake that does not clean up PSKs that fail the...
Red Hat Ansible Tower Information Disclosure Vulnerability
Red Hat Ansible is a computer system configuration manager from Red Hat. The product can be used to publish, manage, and orchestrate computer systems. Ansible Tower is one of the mission control applications that provides a user interface UI, dashboards, and a REST API. An information disclosure...
CVE-2018-10425
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because SetParent is not properly considered...