
33 matches found

CVE
added 2026/06/09 3:41 a.m. · 11 views

CVE-2026-9185

CVE-2026-9185 affects the WordPress plugin 6Storage Rentals (versions

7.5 CVSS · 5.5 AI score · 0.00403 EPSS
Exploits 0 · References 11

OSV
added 2026/05/27 9:35 p.m. · 2 views

GHSA-G794-3FMP-753H AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username

Summary AsyncSSH 2.22.0 expands the OpenSSH-compatible AuthorizedKeysFile %u token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as AuthorizedKeysFile authorizedkeys/%u can be made to read an authorized-ke...

8.2 CVSS · 5.8 AI score · 0.00221 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2026/04/02 4:20 p.m. · 0 views

CVE-2026-35038

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via from field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...

5.3 CVSS · 5.9 AI score · 0.00308 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2026/04/02 4:11 p.m. · 13 views

CVE-2026-33951 signalk-server: Unauthenticated Source Priorities Manipulation

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...

6.9 CVSS · 0.0031 EPSS
Exploits 0 · References 2

OPENSUSE Linux
added 2026/04/02 12:0 a.m. · 3 views

python311-Pygments-2.20.0-2.1 on GA media (moderate)

python311-Pygments-2.20.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10476-1 Rating: moderate Cross-References: CVE-2026-4539 CVSS scores: CVE-2026-4539 SUSE : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: openSUSE Tumbleweed An update that solves one vulnerability ca...

3.3 CVSS · 5.8 AI score · 0.00156 EPSS
Exploits 0

RedhatCVE
added 2026/03/26 3:0 p.m. · 3 views

CVE-2026-33548

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

8.6 CVSS · 6 AI score · 0.00196 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/02/09 12:0 a.m. · 3 views

PT-2026-7136

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_hosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning (e.g., "." matches any character). This enables a bypass...

6.5 CVSS · 5.5 AI score · 0.00316 EPSS
Exploits 1 · References 5

CNNVD
added 2026/01/05 12:0 a.m. · 2 views

WordPress plugin AnyWhere Elementor Pro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

4.3 CVSS · 8.1 AI score · 0.00155 EPSS
Exploits 0 · References 2

CNNVD
added 2025/12/29 12:0 a.m. · 2 views

GNU BinUtils security vulnerability

GNU BinUtils is a collection of programming tools for working with binary files from the US GNU community. A security vulnerability exists in GNU BinUtils version 2.26, which stems from the improper handling of specially crafted PE files by the dprintcompinner function in the cp-demangle.c file,...

7.5 CVSS · 6.4 AI score · 0.00323 EPSS
Exploits 1 · References 2

NVD
added 2025/11/04 9:15 p.m. · 10 views

CVE-2025-47776

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below, PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...

9.1 CVSS · 0.00291 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/09/22 6:23 p.m. · 4 views

CVE-2025-58651 WordPress PlayerJS Plugin <= 2.24 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PlayerJS PlayerJS playerjs allows DOM-Based XSS. This issue affects PlayerJS: from n/a through <= 2.24...

6.5 CVSS · 5.9 AI score · 0.00191 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/09/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-49553

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsdestroy function in the msj.c file. CVE-2023-49553 Note that...

7.5 CVSS · 7.2 AI score · 0.00857 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2025/08/30 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-7637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in CImg v.220. A heap-based buffer over-read in loadbmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability tha...

7.8 CVSS · 7.5 AI score · 0.01268 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2025/08/24 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2005-0837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing "." (dot)...

5 CVSS · 7.9 AI score · 0.0245 EPSS
Exploits 1 · References 2

CNNVD
added 2024/06/20 12:0 a.m. · 5 views

htop Security Vulnerabilities

htop is a cross-platform interactive process viewer from htop open source. A security vulnerability exists in htop version v.2.20, which stems from out-of-bounds access in the HeaderpopulateFromSettings function...

8.4 CVSS · 6.8 AI score · 0.00218 EPSS
Exploits 0 · References 4

OSV
added 2024/04/12 1:15 p.m. · 3 views

CVE-2022-40211

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS. This issue affects GiveWP: from n/a through 2.25.1...

4.8 CVSS · 5.8 AI score · 0.00423 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/02/19 12:0 a.m. · 2 views

PT-2024-17837

Name of the Vulnerable Software and Affected Versions Loomio version 2.22.0 Description The issue allows executing arbitrary commands on the server due to the application being vulnerable to OS Command Injection. Recommendations For Loomio version 2.22.0, update to a version that fixes the OS...

10 CVSS · 9 AI score · 0.02756 EPSS
Exploits 1 · References 10

CNNVD
added 2024/02/07 12:0 a.m. · 3 views

Espruino Buffer Error Vulnerability

Espruino is a JavaScript interpreter. It is designed for devices with only 128kB of flash memory and 8kB of RAM. A buffer error vulnerability exists in Espruino version 2v20 commit fcc9ba4, which stems from a buffer overflow vulnerability in the component src/jsparse.c. The vulnerability is cause...

7.5 CVSS · 7.3 AI score · 0.00709 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/09/22 12:0 a.m. · 2 views

PT-2023-28786 · Cesanta · Mjs

Name of the Vulnerable Software and Affected Versions: Cesanta mjs version 2.20.0 Description: A function pointer hijacking issue was discovered in the mjs get ptr function, allowing attackers to execute arbitrary code via a crafted input. Recommendations: For version 2.20.0, consider disabling t...

9.8 CVSS · 9.5 AI score · 0.00903 EPSS
Exploits 1 · References 3

CNNVD
added 2022/04/15 12:0 a.m. · 3 views

stb resource management error vulnerability

stb is a single-file public domain library for C/C++. A security vulnerability exists in nothings stb version 2.27, which stems from a heap-based post-release reuse issue in the function stbijpeghuffdecode in the file stbimage.h. The vulnerability is caused by a heap-based post-release reuse iss...

8.8 CVSS · 7.7 AI score · 0.01546 EPSS
Exploits 1 · References 9