4328 matches found
📄 tracker-extract 3.8.2 / tracker-miners 3.x Crash
Proof of concept exploit for tracker-extract version 3.8.2 and tracker-miners version 3.x that demonstrates a crash when parsing oversized or malformed frames from MP3/APEv2 tags...
EUVD-2026-10122
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, Wallos allows an authenticated user to delete avatar files uploaded by other users. The avatar deletion endpoint does not verify that the requested avatar belongs to the current user. As a result, any...
EUVD-2026-10116
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...
PT-2026-23823
Name of the Vulnerable Software and Affected Versions: Wallos versions prior to 4.6.2. Description: Wallos is a self-hostable personal subscription tracker. Versions prior to 4.6.2 contain an issue where the url parameter can be exploited to retrieve local system files. Recommendations: Update to...
Wallos Code Issue Vulnerability
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 had code-related vulnerabilities, which stemmed from server-side request forgery in the notification tester...
Wallos Code Issue Vulnerability
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 had code vulnerabilities, as the url parameters could be used to access local system files...
PT-2026-23827
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, Wallos allows an authenticated user to delete avatar files uploaded by other users. The avatar deletion endpoint does not verify that the requested avatar belongs to the current user. As a result, any...
Wallos Cross-Site Scripting Vulnerability
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the $GET parameter was directly output as an HTML input value attribute without being...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : tracker-miners (SUSE-SU-2026:0780-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0780-1 advisory. - CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when...
openSUSE Security Advisory (SUSE-SU-2026:0780-1)
The remote host is missing an update for the...
Security update for tracker-miners
This update for tracker-miners fixes the following issues: CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files (bsc#1257606). CVE-2026-1765: denial of service and potential information disclosure via crafted MP3 files (bsc#1257607)...
CVE-2025-40701
Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'id' parameter in '/adsTracker/checkAds' is sent to the victim. The vulnerability can be exploited to steal...
CVE-2025-40701 Reflected Cross-Site Scripting (XSS) in SOTE's SOTESHOP
Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'id' parameter in '/adsTracker/checkAds' is sent to the victim. The vulnerability can be exploited to steal...
CVE-2025-40701
SOTESHOP 8.3.4 contains a Reflected XSS in /adsTracker/checkAds via the id parameter. An attacker can inject JS and run it in the victim’s browser, potentially stealing session cookies or acting on behalf of the user. CVSS 4.0 suggests 5.1 base score (MEDIUM) with network attack vector, low compl...
SOTESHOP Cross-Site Scripting Vulnerability
SOTESHOP is an online shopping system developed by SOTESHOP Corporation. Version SOTESHOP 8.3.4 contains a cross-site scripting vulnerability. This vulnerability stems from improper handling of the id parameter in adsTracker/checkAds, which may allow attackers to execute JavaScript code in the...
PT-2026-21512
Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'id' parameter in '/adsTracker/checkAds' is sent to the victim. The vulnerability can be exploited to steal...
PT-2026-21371
Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...
Important: Red Hat Security Advisory: Red Hat Ceph Storage 8.1 security and bug fix update
An update is now available for Red Hat Ceph Storage 8.1. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages...
[SECURITY] [DSA 6135-1] chromium security update
Debian Security Advisory DSA-6135-1, https://www.debian.org/security/, Andres Salomon, February 14, 2026, https://www.debian.org/security/faq...