BIT-SOLR-2026-44825 Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

CVE-2026-29112 @dicebear/converter vulnerable to ncontrolled memory allocation via crafted SVG dimensions

DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization PNG, JPEG, WebP, AVIF. An attacker who can supply a...

Allocation of Resources Without Limits or Throttling

Overview @dicebear/converter is a SVG Converter for DiceBear Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ensureSize function. An attacker can cause excessive memory allocation by supplying a crafted SVG file with extremely large...

mysql: Optimizer unspecified vulnerability (CPU Oct 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

mysql: InnoDB unspecified vulnerability (CPU Oct 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

AZL-68640 CVE-2025-53044 affecting package mysql for versions less than 8.0.44-2

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

Oracle MySQL Cluster 9.x.x < 9.4.0 (April 2025 CPU)

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory. - Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 8.0.0-8.0.43,...

CVE-2024-13009 Eclipse Jetty GZIP buffer release

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests...

CVE-2024-5824

A path traversal vulnerability in the /setpersonalityconfig endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as forceacceptremoteaccess and...

WordPress WP Travel Plugin <= 9.3.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Travel Type Plugin Vulnerable versions = 9.3.1 Fixed in 9.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44039 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7cdc4177f130 Credits Sharanabasappa Required privilege...

CVE-2024-5824

A path traversal vulnerability in the /setpersonalityconfig endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as forceacceptremoteaccess and...

CVE-2024-4881

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...

CVE-2024-4881

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...

PYSEC-2024-108

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...

PYSEC-2024-108

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...

CVE-2023-34244 GLPI vulnerable to reflected XSS in search pages

GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8...

CVE-2023-26818

Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLDINSERTLIBRARIES flag...

CVE-2022-36330

A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their...

Western Digital My Cloud Home 安全漏洞

Western Digital My Cloud Home is an easy-to-use personal cloud storage device from Western Digital. It plugs directly into your Wi-Fi router to protect your digital life. A security vulnerability exists in Western Digital My Cloud Home prior to version 9.4.0-191 and My Cloud Home Duo prior to...

Western Digital My Cloud Home 安全漏洞

Western Digital My Cloud Home is an easy-to-use personal cloud storage device from Western Digital. It plugs directly into your Wi-Fi router to protect your digital life. A security vulnerability exists in Western Digital My Cloud Home versions prior to 9.4.0-191 and My Cloud Home Duo versions...