574 matches found
CVE-2026-39641 WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through = 2.5.4...
PT-2026-31441
Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...
CVE-2026-34903
The CVE-2026-34903 entry describes a Missing Authorization vulnerability in OceanWP Ocean Extra, affecting Ocean Extra up to version 2.5.3. The issue is categorized as a Broken Access Control with CVSS 3.1 base score 5.4 (Network, Low Privileges Required, No User Interaction, Confidentiality None...
CVE-2026-34405
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...
CVE-2026-34405
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...
CVE-2026-34405 Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...
EUVD-2026-17670
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...
CVE-2026-34405 Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...
CVE-2026-34405
Summary: CVE-2026-34405 affects Nuxt OG Image. The vulnerable component (image-generation) is served at the URI /_og/d/ (and historically /og-image/) and can inject arbitrary HTML body attributes due to a flaw in Nuxt OG Image before version 6.2.5. Affected versions: prior to 6.2.5. Impact: poten...
EUVD-2026-17668
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a Denial of Service DoS vulnerability. The issue arises because there is no restriction on the width and height...
CVE-2026-34404 Nuxt OG Image vulnerable to DoS via image generation
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a Denial of Service DoS vulnerability. The issue arises because there is no restriction on the width and height...
CVE-2026-34404
CVE-2026-34404 affects Nuxt OG Image. The vulnerability is in the image-generation component accessed via /_og/d/ (and older /og-image/), where unbounded width/height parameters allow a Denial of Service. Affected versions prior to 6.2.5 are exploitable; the issue has been patched in version 6.2....
RHEL 9 : python3.11 (RHSA-2026:6253)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6253 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
PT-2026-29371
Name of the Vulnerable Software and Affected Versions Nuxt OG Image versions prior to 6.2.5 Description The Nuxt OG Image package contains a flaw in the image-generation component accessible via the API endpoint / og/d/ and /og-image/ in older versions. This issue allows for the injection of...
CVE-2026-33954
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
EUVD-2025-209112
Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0...
EUVD-2026-16870
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
CVE-2026-33674
PrestaShop versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. The issue is addressed by a fix in 8.2.5 and 9.1.0; no public workarounds are listed. Upgrading to 8.2.5, 9.1.0, or newer versions is recommended. The available documents do not provide exploit details or in-the...
CVE-2026-33674 PrestaShop: Improper Use of Validation Framework
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...
CVE-2026-33673
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...