Lucene search

6699 matches found

CVE
added 2026/04/01 12:00 a.m.

CVE-2026-30643

Summary: CVE-2026-30643 affects DedeCMS 5.7.118 and allows code execution via crafted setup tag values during a module upload. The description consistently states the root cause as the crafted setup tag values leading to remote code execution within the module upload process. The available source...

CVSS 9.8 | AI score 6 | EPSS 0.00569
Exploits: 1 | References: 2 | Affected software: 1
Positive Technologies
added 2026/04/01 12:00 a.m.

PT-2026-29535

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

AI score 5.9 | EPSS 0.0025
Exploits: 1 | References: 2
Cvelist
added 2026/04/01 12:00 a.m.

CVE-2026-30643

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload...

EPSS 0.00569
Exploits: 1 | References: 2
Positive Technologies
added 2026/04/01 12:00 a.m.

PT-2026-29473

The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing post URLs, including private posts, in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can...

AI score 5.9 | EPSS 0.00301
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/01 12:00 a.m.

PT-2026-29567

🔴 CVE-2026-30643 - Critical An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. https://t.co/rjHTzSsdI1 https://t.co/y2qo3h5iFP...

CVSS 9.8 | AI score 6 | EPSS 0.00569
Exploits: 1 | References: 5
Github Security Blog
added 2026/03/31 11:48 p.m.

parse-server has cloud function validator bypass via prototype chain traversal

Impact: An attacker can bypass Cloud Function validator access controls by appending .prototype.constructor to the function name in the URL. When a Cloud Function handler is declared using the function keyword and its validator is a plain object or arrow function, the trigger store traversal...

CVSS 9.1 | AI score 5.9 | EPSS 0.00277
Exploits: 0 | References: 7 | Affected software: 1
Cvelist
added 2026/03/31 10:21 p.m.

CVE-2026-34555 iccDEV: SBO in CIccTagFixedNum::GetValues()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow (SBO) in CIccTagFixedNum::GetValues and a related bug chain. The primary crash is an AddressSanitizer-reported WRITE of size 4 that overflows a...

CVSS 6.2 | EPSS 0.00177
Exploits: 1 | References: 6
ATTACKERKB
added 2026/03/31 10:21 p.m.

CVE-2026-34555

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow (SBO) in CIccTagFixedNum::GetValues and a related bug chain. The primary crash is an AddressSanitizer-reported WRITE of size 4 that overflows a...

CVSS 6.2 | AI score 5.8 | EPSS 0.00177
Exploits: 1 | References: 7 | Affected software: 1
NVD
added 2026/03/31 10:16 p.m.

CVE-2026-34537

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...

CVSS 6.2 | EPSS 0.00156
Exploits: 1 | References: 3
CVE
added 2026/03/31 10:00 p.m.

CVE-2026-34537

iccDEV is affected prior to version 2.3.1.6. A crafted ICC profile can trigger Undefined Behavior in CIccOpDefEnvVar::Exec() due to invalid enum values loaded for icSigCmmEnvVar, observable under UBSan as load of value not a valid value for type icSigCmmEnvVar. The issue has been patched in versi...

CVSS 6.2 | AI score 5.8 | EPSS 0.00156
Exploits: 1 | References: 3 | Affected software: 1
CVE
added 2026/03/31 9:56 p.m.

CVE-2026-34533

Affected software: iccDEV libraries/tools for ICC color management profiles. Issue: Before version 2.3.1.6, processing a crafted ICC profile can trigger Undefined Behavior in CIccCalculatorFunc::ApplySequence due to invalid enum values loaded for icChannelFuncSignature (UBSan shows a load of valu...

CVSS 6.2 | AI score 5.8 | EPSS 0.00156
Exploits: 1 | References: 3 | Affected software: 1
Cvelist
added 2026/03/31 8:40 p.m.

CVE-2026-34396 AVideo: Stored XSS via Unescaped Plugin Configuration Values in Admin Panel

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...

CVSS 6.1 | EPSS 0.00217
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/31 8:40 p.m.

CVE-2026-34396 AVideo: Stored XSS via Unescaped Plugin Configuration Values in Admin Panel

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...

CVSS 6.1 | AI score 6 | EPSS 0.00217
Exploits: 1 | References: 1
CVE
added 2026/03/31 8:40 p.m.

CVE-2026-34396

WWBN AVideo (versions 26.0 and earlier) has a stored XSS vulnerability in the admin plugin configuration handling. The jsonToFormElements() function in admin/functions.php directly interpolates user-controlled values into HTML form fields (textarea contents, option elements, and input attributes)...

CVSS 6.1 | AI score 6 | EPSS 0.00217
Exploits: 1 | References: 1 | Affected software: 1
OSV
added 2026/03/31 8:40 p.m.

CVE-2026-34396 AVideo: Stored XSS via Unescaped Plugin Configuration Values in Admin Panel

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...

CVSS 6.1 | AI score 6 | EPSS 0.00217
Exploits: 1 | References: 3
NVD
added 2026/03/31 6:16 p.m.

CVE-2026-32143

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

CVSS 6.5 | EPSS 0.00234
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/31 5:39 p.m.

CVE-2026-32143

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

CVSS 5.3 | AI score 5.8 | EPSS 0.00234
Exploits: 0 | References: 3 | Affected software: 1
Cvelist
added 2026/03/31 3:08 p.m.

CVE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields (expiresAt, createdWith) by sending a null value in a PUT request to the...

CVSS 5.3 | EPSS 0.0021
Exploits: 0 | References: 5
SUSE CVE
added 2026/03/31 8:31 a.m.

SUSE CVE-2026-27880

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

CVSS 7.5 | AI score 5.8 | EPSS 0.00559
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/31 12:00 a.m.

PT-2026-29404

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow (SBO) in CIccTagFixedNum::GetValues and a related bug chain. The primary crash is an AddressSanitizer-reported WRITE of size 4 that overflows a...

CVSS 6.2 | AI score 5.8 | EPSS 0.00177
Exploits: 1 | References: 9