12 matches found
Rapid7 Velociraptor < 0.75.8 / 0.76.x < 0.76.3 Incorrect Authorization (CVE-2026-6290)
The version of Rapid7 Velociraptor installed on the remote host is prior to 0.75.8 or 0.76.x prior to 0.76.3. It is, therefore, affected by an incorrect authorization vulnerability: - Velociraptor contains a vulnerability in the query plugin which allows access to all orgs with the user's current...
Apache Superset allows privileged users to conduct error-based SQL Injection
Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...
Microsoft Edge (Chromium) < 143.0.3650.80 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 143.0.3650.80. It is, therefore, affected by multiple vulnerabilities as referenced in the December 11, 2025 advisory. - Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote...
CVE-2025-59039 Prebid Universal Creative on npm briefly compromised
Prebid Universal Creative (PUC) is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...
CVE-2024-49290
Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery. This issue affects Cooked Pro: from n/a before 1.8.0...
PT-2024-3151 · WordPress · Contact Form 7 Database Addon – Cfdb7
Name of the Vulnerable Software and Affected Versions: Contact Form 7 Database Addon – CFDB7 plugin for WordPress version 1.2.6.8 and earlier. Description: The issue is related to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive data, such as Personally...
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
...
pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...
OPENSUSE-SU-2021:0597-1 Security update for python-django-registration
This update for python-django-registration fixes the following issues: Update to 3.1.2 (boo#1184427, CVE-2021-21416): filter sensitive POST parameters in error reports; fix RemovedInDjango40Warning from Signal arguments. This update was imported from the openSUSE:Leap:15.2:Update update project...
GHSA-CF66-XWFP-GVC4 Missing Origin Validation in webpack-dev-server
Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not validated...
nodejs: Out of bounds (OOB) write via UCS-2 encoding
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0, when used with UCS-2 encoding (recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le'), Buffer#write() can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last...
Flower instruction generator, Perl version-bug warning-the black bar safety net
Author: countercurrent wind Have previously published in the Journal of the articles put up! , published in the hacker X-Files for the first few periods forget, huh? Foreword Believe donefree killfriends are aware flower instruction. Add flowers Instructions Is a good filefree to killmethod, and...