269 matches found
CVE-2026-48055
Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction,...
CVE-2026-6565 Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title
The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...
CVE-2026-40340 libgphoto2 has OOB read in ptp_unpack_OI() in ptp-pack.c via malicious PTP ObjectInfo response
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530–563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48–56, up to 9 byt...
PYSEC-2026-59
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
CVE-2026-22324 WordPress Melania theme <= 2.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Melania melania allows PHP Local File Inclusion.This issue affects Melania: from n/a through = 2.5.0...
WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Solaris versions = 2.5...
CVE-2025-47904
CVE-2025-47904 affects Microchip Time Provider 4100. Root cause: missing integrity check during code download allows a malicious manual software update. Affected: Time Provider 4100 before version 2.5. Impact (per sources): potential compromise of software integrity and related systems during upg...
CVE-2026-26268
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...
CVE-2026-26268
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...
CVE-2026-2361 Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user with create privilege to gain superuser privileges
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...
CVE-2025-49055 WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...
MiracleLinux 8 : ruby:2.5 (AXSA:2022-3066:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3066:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 Tenable has extracted the preceding...
RHSA-2026:0361 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security Update
Bulletin has no description...
MiracleLinux 8 : ruby:2.5 (AXSA:2025-9949:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9949:01 advisory. oniguruma: integer overflow in searchinrange function in regexec.c leads to out-of-bounds read CVE-2019-19012 rubygem-bundler: unexpected code...
BIT-PYTORCH-2025-63396
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop can cause torch.profiler.profile PythonTracer to crash or hang during finalization, leading to a Denial of Service DoS...
Meshtastic 安全漏洞
Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security vulnerability exists in Meshtastic versions 2.5 up to and including 2.7.15, which stems from a degradation attack path in the absence of PKI cryptographic flags, and could lead to an...
WordPress Trust.Reviews plugin <= 2.5 - Unauthenticated Stored Cross-Site Scripting via Social Media Reviews vulnerability
Unauthenticated Stored Cross-Site Scripting via Social Media Reviews vulnerability discovered by Kishan Vyas in WordPress Plugin Trust.Reviews versions = 2.5...
WordPress plugin Social Reviews Recommendations 跨站脚本漏洞
...
WordPress plugin SKT Skill Bar 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-62067
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through = 2.5...