11426 matches found
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...
CVE-2026-13699 Databroker 0.6.1 PublishValue missing data_point panic
In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...
CVE-2026-13699
In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...
WordPress Redux Framework <=4.2.11 - Information Disclosure
WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...
Citrix SD-WAN Center - Local File Inclusion
Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...
EUVD-2026-43553
A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...
PT-2026-58848
Name of the Vulnerable Software and Affected Versions Matter SDK connectedhomeip versions prior to 1.4.0 Description A use of uninitialized value occurs when the GetDestinationGroupId.Value method is called without verifying if a value exists. This happens when an InvokeCommand is sent without...
CVE-2026-15598
A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...
CVE-2026-14686
A flaw was found in HdrHistogram. This vulnerability affects the DoubleHistogram.recordValue function, which is part of the Range Check component. A local attacker can exploit this flaw by performing a specific manipulation, leading to an incorrect comparison of values. This issue primarily impac...
EUVD-2026-43138
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...
CVE-2026-55659 Grist: XSS through unsafe value interpolation in server-rendered pages
Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...
CVE-2026-55461 Snipe-IT: Open Redirect After User Edit
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url-previous from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect-intended... when redirectoption=back is submitted, allowing Snipe-IT to be used a...
CVE-2025-30008
HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...
CVE-2025-30008
HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...
Dword XOR Encoder (Tag-based)
Dword XOR encoder for RISC-V 32-bit Little Endian using a tag-based terminator rather than an encoded length. The decoder loop XORs each dword and stops when the result is zero the sentinel. This avoids encoding the payload length in the stub, eliminating a source of bad character conflicts. Note...
EUVD-2025-210453
HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...
CVE-2025-30008 HestiaCP < 1.9.5 Stored XSS via DNS Record Management Interface
HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...
CVE-2026-54063
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...
CVE-2026-54063 Excelize: Unbounded Row Index Allocation in Worksheet Parser (checkSheet OOM/Panic DoS)
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...
CVE-2026-59162
The CVE concerns the Go-based Excelize library (v2.x) where, prior to 2.11.0, shared-string cell values could be indexed with -1, causing a panic in GetCellValue and GetRows. The issue stems from parsing shared-strings with strconv.Atoi and only an upper bound check before indexing the sharedStri...