6699 matches found
Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLim...
GO-2026-4784 Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values in github.com/mattermost/mattermost-plugin-msteams
Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values in github.com/mattermost/mattermost-plugin-msteams...
CVE-2019-25611
CVE-2019-25611 affects MiniFtp (miniftpd). The vulnerability is a stack buffer overflow in the function parseconf_load_setting triggered by oversized configuration values in miniftpd.conf (values >128 bytes). This can allow a local attacker to execute arbitrary code with root privileges. The i...
CVE-2019-25611 MiniFtp parseconf_load_setting Buffer Overflow via Configuration
MiniFtp contains a buffer overflow vulnerability in the parseconfloadsetting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite...
CVE-2019-25611 MiniFtp parseconf_load_setting Buffer Overflow via Configuration
MiniFtp contains a buffer overflow vulnerability in the parseconfloadsetting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite...
CVE-2019-25611
MiniFtp contains a buffer overflow vulnerability in the parseconfloadsetting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite...
PT-2026-26999
MiniFtp contains a buffer overflow vulnerability in the parseconf load setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwri...
MiniFtp 缓冲区错误漏洞
MiniFtp is a lightweight FTP server software developed by Arvin’s individual developer. MiniFtp has a buffer error vulnerability, which stems from a buffer overflow in the parseconfloadsetting function. This vulnerability could allow local attackers to execute arbitrary code by providing...
PT-2026-26914
RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler SEH chain corruption. Attackers can craft a malicious input string with 268 bytes of...
PT-2026-26947
Name of the Vulnerable Software and Affected Versions WordPress Import and export users and customers plugin versions up to and including 1.29.7 Description The Import and export users and customers plugin for WordPress is susceptible to privilege escalation. This occurs because the save extra us...
CVE-2026-21732
CVE-2026-21732 affects the GPU shader compiler path used by Imagination Graphics DDK in various disclosures. The issue is described as an out-of-bounds write crash triggered by unusual GPU shader code, specifically when a web page contains shader input that is loaded into the GPU compiler process...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the setderivedvalues function of the picparameterset component when processing a malformed H.265 PPS NAL unit. An attacker can cause a segmentation fault and crash the application by supplying specially...
UBUNTU-CVE-2026-33154
dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...
EUVD-2026-13639
Qwik City has array method pollution in FormData processing allows type confusion and DoS...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Range or Values summarizer, which renders raw database values without escaping HTML. An attacker can execute arbitrary HTML or JavaScript in the context of affected users by injecting malicious content...
CVE-2026-33080
Filament (Laravel) has a stored XSS risk in the Table summarizers Range and Values. Affected versions: 4.0.0–4.8.4 and 5.0.0–5.3.4 render raw database values without escaping HTML, enabling malicious HTML/JavaScript in unvalidated data shown by those summarizers. Remediation: upgrade to 4.8.5 or ...
CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...
CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...
PT-2026-26691
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...
PT-2026-26593
Summary Qwik City improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and object-property keys for the same path, an attacker could cause user-controlled properties to be written onto values that application code expected to be arrays...