Lucene search

25 matches found

NVD
added 2026/03/16 2:19 p.m. · 1 views

CVE-2026-4174

A vulnerability has been found in Radare2 5.9.9. This issue affects the function walkexportstrie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit h...

4.8 CVSS · 0.00019 EPSS
Exploits 0 · References 7
CNNVD
added 2026/03/15 12:0 a.m. · 2 views

Radare2 Security Vulnerability

Radare2 is an open-source reverse framework for Unix geeks developed by Radare. Version 5.9.9 of Radare2 contains a security vulnerability, which stems from incorrect operations on the function walkexportstrie found in the file libr/bin/format/mach0/mach0.c, potentially leading to resource...

4.8 CVSS · 5.7 AI score · 0.00019 EPSS
Exploits 0 · References 8
Cvelist
added 2026/03/11 5:35 p.m. · 24 views

CVE-2026-31858 CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

Craft is a content management system CMS. The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...

8.7 CVSS · 0.00043 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2026/03/11 5:35 p.m. · 3 views

CVE-2026-31858

Craft is a content management system CMS. The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...

8.8 CVSS · 6 AI score · 0.00043 EPSS
Exploits 1 · References 3 · Affected Software 1
OSSF Malicious Packages
added 2026/02/04 9:21 a.m. · 5 views

Malicious code in deuro-landing-page (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b21bff5e6829c4c257d34d4ad60dd2d5d85f4f6fc67fdffaf74c86bb600ff7cb The package deuro-landing-page was found to contain malicious code. Source: ossf-package-analysis...

5.4 AI score
Exploits 0
Tenable Nessus
added 2026/01/16 12:0 a.m. · 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004524)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004524 advisory. An issue was discovered in drivers/accessibility/speakup/spkttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause...

5.5 CVSS · 6.5 AI score · 0.00062 EPSS
Exploits 0 · References 11
Positive Technologies
added 2025/10/17 12:0 a.m. · 2 views

PT-2025-42601

Name of the Vulnerable Software and Affected Versions radare2 versions prior to 5.9.9 Description The software contains a memory leak within the r bin object new function. Recommendations Update to version 5.9.9 or later...

5.5 CVSS · 6.6 AI score · 0.0002 EPSS
Exploits 0 · References 12
Tenable Nessus
added 2025/08/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-5645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function rconspalinit in the library /libr/cons/pal.c of the...

2.5 CVSS · 3.6 AI score · 0.00147 EPSS
Exploits 1 · References 2
NVD
added 2025/06/05 8:15 a.m. · 11 views

CVE-2025-5645

A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function rconspalinit in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of ...

2.5 CVSS · 0.00147 EPSS
Exploits 1 · References 7
OSV
added 2025/06/05 7:15 a.m. · 3 views

CVE-2025-5641

A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function rconsisbreaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local...

2 CVSS · 6.9 AI score
Exploits 0 · References 7
Positive Technologies
added 2025/06/05 12:0 a.m. · 4 views

PT-2025-23901 · Radare2 · Radare2

Name of the Vulnerable Software and Affected Versions: Radare2 version 5.9.9 Description: A problematic vulnerability was found in the function cons stack load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack must...

2.5 CVSS · 3.4 AI score · 0.0016 EPSS
Exploits 1 · References 15
Positive Technologies
added 2025/06/05 12:0 a.m. · 3 views

PT-2025-23902 · Radare2 · Radare2

Name of the Vulnerable Software and Affected Versions: Radare2 version 5.9.9 Description: A vulnerability has been found in the function r cons flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to...

2.5 CVSS · 7.2 AI score · 0.00125 EPSS
Exploits 1 · References 16
Positive Technologies
added 2025/06/05 12:0 a.m. · 1 views

PT-2025-23904 · Radare2 · Radare2

Name of the Vulnerable Software and Affected Versions: Radare2 version 5.9.9 Description: A problem has been found in the function r cons rainbow free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch...

2.5 CVSS · 6.8 AI score · 0.00147 EPSS
Exploits 1 · References 16
RedhatCVE
added 2025/05/23 8:21 a.m. · 2 views

CVE-2024-1537

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output...

6.4 CVSS · 5.1 AI score · 0.00134 EPSS
Exploits 0 · References 1
OSV
added 2025/03/03 9:15 a.m. · 6 views

CVE-2025-1864

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers. This issue affects radare2: before 5.9.9...

9.8 CVSS · 6.8 AI score
Exploits 0 · References 1
OSV
added 2025/03/03 9:15 a.m. · 2 views

UBUNTU-CVE-2025-1864

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers. This issue affects radare2: before 5.9.9...

10 CVSS · 5.8 AI score · 0.00367 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/03/13 12:0 a.m. · 2 views

PT-2024-18122 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's event calendar widget due to insufficient input sanitization and...

7.4 CVSS · 8 AI score · 0.00205 EPSS
Exploits 0 · References 5
Patchstack
added 2024/02/13 12:0 a.m. · 10 views

WordPress Essential Addons for Elementor Plugin <= 5.9.8 is vulnerable to Cross Site Scripting (XSS)

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.8 Fixed in 5.9.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1276 Patch priority Low CVSS severity Low 6.5 Developer WPDeveloper PSID b864b4f9f50d Credits RandomRoot...

6.4 CVSS · 5.8 AI score · 0.00206 EPSS
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2020/11/20 12:0 a.m. · 5 views

Linux kernel denial of service vulnerability (CNVD-2020-66311)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A code issue vulnerability exists in Linux kernel version 5.9.9 and earlier versions, which stems from an issue found...

5.5 CVSS · 6.6 AI score · 0.00062 EPSS
Exploits 0 · References 1
CNVD
added 2018/03/12 12:0 a.m. · 2 views

Code Execution Vulnerability in Rice CMS Version V5.9.9

DAMI CMS aka 3gcms is a free and open source, fast and simple integrated system for PC building and mobile building. Rice CMS V5.9.9 version of the existence of code execution vulnerabilities, the vulnerability stems from the background of the user's incoming parameters are not sufficiently...

8.1 AI score
Exploits 0