16 matches found
CVE-2026-41499 Wazuh: Multiple Heap-based NULL WRITE Buffer Underflows in parse_uname_string()
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() (remoted_op.c). This function processes OS identification data from agents and...
CVE-2026-2830
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets (WordPress plugin) is listed as vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in versions up to and including 4.0.0 due to insufficient input sanitization and output escaping. The CVE notes unauthen...
CVE-2026-2830 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
EUVD-2026-8696
LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution...
CVE-2026-24793 A heap-based buffer over-read or buffer overflow vulnerability in azerothcore/azerothcore-wotlk
Out-of-bounds Write, Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in azerothcore azerothcore-wotlk deps/zlib modules. This vulnerability is associated with program files inflate.C. This issue affects azerothcore-wotlk: through v4.0.0...
EUVD-2025-206231
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low-privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipie...
CVE-2025-60632
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the NpcfBDTPolicyControl API...
WordPress Post Type Switcher plugin <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change vulnerability
Insecure Direct Object Reference to Authenticated (Author+) Post Type Change vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Type Switcher versions <= 4.0.0...
free5GC security vulnerability
free5GC is an open source 5th generation (5G) mobile core network project from the free5GC open source project. A security vulnerability exists in free5GC version 4.0.0, which stems from a buffer overflow in the AMF component that could lead to a denial of service...
Malicious code in patternfly-build (npm)
Source: ghsa-malware (057836fcde782f283efd1e52688d31d8375cd7d963b136908d1457ea24e64193). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
IBM DevOps Velocity and IBM UrbanCode Velocity security vulnerability
IBM DevOps Velocity and IBM UrbanCode Velocity are both products of International Business Machines (IBM). IBM DevOps Velocity is an enterprise-class release management application that supports cloud-native and local deployments. IBM UrbanCode Velocity is an enterprise-class release management and...
phpMyFAQ security vulnerability
phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 4.0.0, which stems from exposing the database server credentials when a connection to the DB fails...
CVE-2024-37030
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free...
OpenHarmony Security Vulnerabilities
OpenHarmony is an open source Hongmeng operating system project of China's OpenAtom Foundation. A security vulnerability exists in OpenHarmony prior to version v4.0.0. A remote attacker could exploit the vulnerability to execute arbitrary code in a pre-installe...
UPX code issue vulnerability
UPX is an open source executable file packaging program that supports a variety of file formats from different operating systems. A null pointer dereference vulnerability exists in PackLinuxElf::canUnpack in p_lx_elf.cpp in UPX version 4.0.0. The vulnerability can be exploited to execute arbitrary...
UPX buffer error vulnerability
UPX is an open source executable file packaging program that supports a variety of file formats from different operating systems. A heap buffer overflow vulnerability exists in UPX version 4.0.0. The vulnerability stems from an imperfect check in p_lx_elf.cpp. No detailed vulnerability details are...