9 matches found
EUVD-2026-33444
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...
CVE-2026-42281
The CVE-2026-42281 entry relates to MagicMirror² prior to 2.36.0, where an unauthenticated SSRF in the /cors endpoint allows arbitrary server-side HTTP requests (to internal networks, cloud metadata, and localhost) and can exfiltrate environment variables via URL placeholders. The vulnerability a...
CVE-2026-27963
Audiobookshelf (web application) prior to version 2.32.0 is affected by a stored XSS vulnerability via malicious library metadata. Attackers with library modification privileges can inject JS code that runs in victims’ browsers, potentially enabling session hijacking and data exfiltration. A fix ...
OESA-2025-2889 python-requests security update
Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work even method overrides to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. +...
WordPress plugin Яндекс Доставка (Boxberry) 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
CVE-2024-26351
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery CSRF via the component /core/tools/updateplace.php...
SUSE CVE-2020-6096
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker...
GNU Binutils Binary File Descriptor Library Denial of Service Vulnerability (CNVD-2018-09562)
GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...
Buffalo WZR-1750DHP2 Buffer Overflow Vulnerability
The Buffalo WZR-1750DHP2 is a router product from the Buffalo Group of Japan. A buffer overflow vulnerability exists in the Buffalo WZR-1750DHP2 version 2.30 and earlier. An attacker can exploit this vulnerability to execute arbitrary code with the help of specially crafted files...