1052 matches found
EUVD-2026-43076
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...
UBUNTU-CVE-2026-54282
Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...
CVE-2026-54282
The CVE concerns Starlette prior to 1.3.0: HTTP request path is not validated when reconstructing request.url, allowing attacker-controlled hostname by re-parsing a non-absolute path (e.g., @google.com). The issue is fixed in 1.3.0. Remediate by upgrading to 1.3.0+; no exploitation details are pr...
CVE-2026-54282
Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...
EUVD-2026-37648
Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...
Use of Incorrectly-Resolved Name or Reference
Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in the reconstruction of request.url when the HTTP request path does not begin with /. An attacker can mislead the application into trusti...
WordPress Powerpack for LearnDash plugin < 1.3.0 - Unauthenticated Arbitrary Option Update vulnerability
Unauthenticated Arbitrary Option Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin PowerPack for LearnDash versions 1.3.0...
JLSEC-2026-593
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasmexprcopyexcept in libyasm/expr.c...
JLSEC-2026-586
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash in modules/preprocs/nasm/nasm-pp.c...
JLSEC-2026-588
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in findcc in modules/preprocs/nasm/nasm-pp.c...
JLSEC-2026-596
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expandsmacro in modules/preprocs/nasm/nasm-pp.c...
JLSEC-2026-587
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expandmmacparams in modules/preprocs/nasm/nasm-pp.c...
JLSEC-2026-585
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in dodirective in modules/preprocs/nasm/nasm-pp.c...
JLSEC-2026-590
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in ifcondition in modules/preprocs/nasm/nasm-pp.c...
CVE-2026-34068
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...
CVE-2026-34066
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, HistoryStore::puthistorictxns uses an assert! to enforce invariants about HistoricTransaction.blocknumber must be within the macro block being pushed and within the same epoch. During histo...
CVE-2026-34062
nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::readrequest and readresponse call readtoend on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets...
CVE-2026-5711
The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
CVE-2026-40092
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...
CVE-2026-35476
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can elevate their account to a staff level via a POST request against their user account endpoint. The write permissions on the API endpoint are improperly configured, allowing any us...