
21 matches found

ATTACKERKB
added 2026/04/01 5:4 p.m. · 2 views

CVE-2026-34236

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...

CVSS 8.2 · AI score 5.8 · EPSS 0.00016
Exploits 0 · References 3 · Affected Software 1
CVE
added 2026/04/01 5:4 p.m. · 4 views

CVE-2026-34236

Auth0-PHP SDK versions 8.0.0–8.18.x encrypt cookies with insufficient entropy, enabling potential brute-forcing of the encryption key and forging session cookies. Impact is session integrity/confidentiality, with high severity (CVSS 3.1: HIGH). The issue is fixed in version 8.19.0. Affected devel...

CVSS 9.8 · AI score 5.8 · EPSS 0.00016
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2026/04/01 5:4 p.m. · 2 views

CVE-2026-34236 Auth0 PHP SDK Insufficient Entropy in Cookie Encryption

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...

CVSS 8.2 · AI score 5.8 · EPSS 0.00016
Exploits 0 · References 2
Tenable Nessus
added 2026/03/17 12:0 a.m. · 12 views

Curl 8.13.0 < 8.19.0 Use After Free in SMB Connection

The version of curl installed on the remote host is 8.13.0 prior to 8.19.0. It is, therefore, affected by a use after free in SMB connection vulnerability: - When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

CVSS 7.5 · AI score 7.2 · EPSS 0.0003
Exploits 2 · References 2
EUVD
added 2026/02/27 3:30 a.m. · 7 views

EUVD-2026-8985

A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now publ...

CVSS 5.3 · AI score 5.9 · EPSS 0.00015
Exploits 1 · References 9
ATTACKERKB
added 2026/02/27 3:2 a.m. · 3 views

CVE-2026-3284

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extractarea results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...

CVSS 5.5 · AI score 5.5 · EPSS 0.00013
Exploits 2 · References 8
Debian CVE
added 2026/02/27 2:2 a.m. · 6 views

CVE-2026-3281

A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now publ...

CVSS 7.8 · AI score 5.7 · EPSS 0.00015
Exploits 1
CNNVD
added 2026/02/27 12:0 a.m. · 3 views

libvips buffer error vulnerability

libvips is an open-source fast image processing library with low memory requirements. Version 8.19.0 of libvips contains a buffer error vulnerability. This vulnerability stems from incorrect handling of the extractband parameter in the file libvips/conversion/extract.c, which may lead to...

CVSS 7.1 · AI score 6 · EPSS 0.0001
Exploits 1 · References 8
Atlassian
added 2025/11/14 6:28 a.m. · 16 views

Path Traversal Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-38819

This High severity vulnerability known as CVE-2024-38819 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Atlassian recommends...

CVSS 7.5 · AI score 6.8 · EPSS 0.93507
Exploits 5
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-49151

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 7.6 · EPSS 0.00034
Exploits 0 · References 1
CNNVD
added 2024/07/24 12:0 a.m. · 3 views

Atlassian Bitbucket Data Center security vulnerability

Atlassian Bitbucket Data Center is the data center version of Atlassian Bitbucket from Atlassian Australia. A security vulnerability exists in Atlassian Bitbucket Data Center versions 8.0.0 through 8.9.12 and 8.19.0 through 8.19.1, which originates from redirecting an aggrieved user to any...

CVSS 4.3 · AI score 4.3 · EPSS 0.00666
Exploits 0 · References 2
Positive Technologies
added 2022/12/21 12:0 a.m. · 6 views

PT-2022-27826 · Proofpoint · Proofpoint Enterprise Protection

Name of the Vulnerable Software and Affected Versions: Proofpoint Enterprise Protection PPS/PoD versions 8.19.0 and earlier Description: The issue allows the pps user to escalate to root privileges due to unnecessary permissions. Recommendations: For versions 8.19.0 and earlier, update to a versi...

CVSS 7.8 · AI score 7.7 · EPSS 0.00034
Exploits 0 · References 4
Cvelist
added 2022/12/06 7:52 p.m. · 15 views

CVE-2022-46333 Proofpoint Enterprise Protection perl eval() arbitrary command execution

The admin user interface in Proofpoint Enterprise Protection PPS/PoD contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below...

CVSS 7.2 · AI score 7.5 · EPSS 0.01659
Exploits 0 · References 1
CNNVD
added 2022/12/06 12:0 a.m. · 21 views

Proofpoint Enterprise Protection cross-site scripting vulnerability

Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect e-mail. A security vulnerability exists in Proofpoint Enterprise Protection PPS/PoD version 8.19.0 and prior versions, which stems from the Administrator Smart Search feature containing a...

CVSS 9.6 · AI score 8.1 · EPSS 0.0082
Exploits 0 · References 3
Positive Technologies
added 2022/12/06 12:0 a.m. · 4 views

PT-2022-27824 · Proofpoint · Proofpoint Enterprise Protection

Name of the Vulnerable Software and Affected Versions: Proofpoint Enterprise Protection PPS/PoD versions 8.19.0 and below Description: The Admin Smart Search feature in Proofpoint Enterprise Protection contains a stored cross-site scripting issue that allows an anonymous email sender to gain admi...

CVSS 9.6 · AI score 8.9 · EPSS 0.0082
Exploits 0 · References 3
Cvelist
added 2021/09/14 4:55 a.m. · 14 views

CVE-2021-39118

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0...

AI score 5.5 · EPSS 0.00907
Exploits 0 · References 1
OSV
added 2021/09/01 11:15 p.m. · 1 views

CVE-2021-39119

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before versi...

CVSS 5.3 · AI score 5.8 · EPSS 0.00185
Exploits 0 · References 1
Prion
added 2021/09/01 11:15 p.m. · 19 views

Improper access control

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before versi...

CVSS 5 · AI score 5.2 · EPSS 0.00185
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2021/09/01 10:50 p.m. · 16 views

CVE-2021-39119

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before versi...

AI score 5.5 · EPSS 0.00185
Exploits 0 · References 1
CNNVD
added 2021/09/01 12:0 a.m. · 3 views

Atlassian Jira authorization issue vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira that stems from a bad access control vulnerability in the Issue Notification...

CVSS 5.3 · AI score 5.6 · EPSS 0.00185
Exploits 0 · References 2