36 matches found
CVE-2026-15067 Multiple Security Vulnerabilities in Terraform Provider for Snowflake Could Allow Privilege Escalation and Unauthorized Snowflake Account Takeover
Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration...
Relative Path Traversal
Overview org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Relative Path Traversal via t...
CVE-2025-48977 Apache Ignite: REST HTTP arbitrary file read vulnerability
Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...
CVE-2026-40934 jupyter-server authentication cookies remain valid after password reset due to static cookie secret
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...
CVE-2026-40110
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the alloworiginpat configuration value. Because re.match only anchors at the start of the string and does not require a...
CVE-2025-61669
Jupyter Server is the backend for Jupyter web applications. In jupyterserver versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirectsafe, which allows redirects to arbitrary external domains via values such as ///example.com. An...
EUVD-2026-26351
Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...
CVE-2026-41254
Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...
EUVD-2026-9693
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Invetex invetex allows PHP Local File Inclusion.This issue affects Invetex: from n/a through = 2.18...
WordPress Invetex theme <= 2.18 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Invetex versions = 2.18...
CVE-2025-65465
A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...
CVE-2025-42615 Improper Restriction of Excessive Authentication Attempts vulnerability in CIRCL Vulnerability-Lookup
In affected versions, vulnerability-lookup did not track or limit failed One-Time Password OTP attempts during Two-Factor Authentication 2FA verification. An attacker who already knew or guessed a valid username and password could submit an arbitrary number of OTP codes without causing the accoun...
CVE-2019-14494 affecting package cppcheck for versions less than 2.18.3-1
CVE-2019-14494 affecting package cppcheck for versions less than 2.18.3-1. An upgraded version of the package is available that resolves this issue...
OPENSUSE-SU-2025:15638-1 ansible-core-2.18-2.18.10-2.1 on GA media
These are all security issues fixed in the ansible-core-2.18-2.18.10-2.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2025-31699
Malicious code in bioql PyPI...
WordPress plugin GutenBee 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
TensorFlow 安全漏洞
TensorFlow is a suite of end-to-end open source platforms for machine learning open-sourced by TensorFlow. A security vulnerability exists in TensorFlow version v2.18.0, which stems from a denial of service attack when padding is set to VALID in tf.keras.layers.Conv2D...
CVE-2025-8361 Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093
Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0...
CVE-2025-46226 WordPress MPL-Publisher <= 2.18.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0...
WordPress Crypto plugin <= 2.18 - Authentication Bypass via register vulnerability
Authentication Bypass via register vulnerability discovered by István Márton in WordPress Plugin Crypto versions = 2.18...