4564 matches found
Wings Resource Management Error Vulnerability
Wings is the server control interface for Pterodactyl Panel. In versions 1.7.0 to 1.12.0 of Wings, there was a resource management vulnerability. This vulnerability stemmed from not considering the maximum parameter limits of SQLite, which could lead to exhaustion of the database server’s disk...
CVE-2026-0519
CVE-2026-0519: In Secure Access 12.70 and earlier than 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. This could allow any party with access to those logs to read the token and reuse it to access an integrated system. The provided ...
@alexanderniebuhr/eslint-config (>=1.3.0 <=1.4.0), @alexanderniebuhr/style (>=1.1.0 <=1.3.0) +171 more potentially affected by unknown CVE via svelte (>=3.12.1 <=3.59.1)
svelte NPM version =3.12.1, =1.3.0, =1.1.0, =1.3.0, =1.0.3, =0.0.999-alpha.30, =10.0.0, =7.1.4, =21.0.4, =8.0.4, =2.0.4, =1.0.1, =6.0.4, =12.1.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-SVELTE-15032658...
CVE-2026-21624 Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla
Lack of input filtering leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla...
@mapbox/vnu-validate-html (=0.1.0), @northernbeat/gulp-tasks (>=1.0.48 <=1.0.50) +34 more potentially affected by CVE-2025-15104 via vnu-jar (>=16.12.27 <=26.5.29)
vnu-jar NPM version =16.12.27, =1.0.48, =1.0.3, =0.9.0, =0.1.1, =0.7.0, =0.1.2, =0.6.0, =8.1.0, =9.1.1, =1.0.0, =1.1.2, =2.0.0 and more Source cves: CVE-2025-15104 Source advisory: SNYK:JS-VNUJAR-15010791...
WordPress AffiliateX plugin 1.0.0-1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting
Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting vulnerability discovered by kr0d in WordPress Plugin AffiliateX versions 1.0.0-1.3.9.3...
@deno/sandbox (>=0.0.9 <=0.6.0), @ekairos/dataset (>=1.21.56-beta.0 <=1.22.34-beta.development.0) +45 more potentially affected by CVE-2026-22775 via devalue (>=5.1.1 <=5.6.0)
devalue NPM version =5.1.1, =0.0.9, =1.21.56-beta.0, =1.22.4-beta.development.0, =1.21.56-beta.0, =1.21.67-beta.0, =1.21.88-beta.0, =0.0.0-dev-20260121145510, =0.0.0-dev-20260115183047, =0.0.0-dev-20260115183047, =0.0.0-dev-20260115183047, =2.3.97, =1.1.53, =2.0.0, =1.2.263, =3.1.3, =4.0.1 and mo...
CVE-2026-22249 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip)
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation on filename. This vulnerability ...
CVE-2021-47760
...
CVE-2026-0897
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive...
AZL-74631 CVE-2026-0897 affecting package keras for versions less than 3.3.3-6
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive...
DEBIAN-CVE-2026-0897
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive...
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved security vulnerabilities
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of the American company Juniper Networks. Juniper Networks Junos OS is a network operating system specifically designed for the company’s hardware devices. This operating system provides secure programming interface...
Svelte security vulnerabilities
Svelte is an open-source approach to building web applications. Versions of Svelte from 5.1.0 to 5.6.1 have security vulnerabilities. These vulnerabilities stem from the ArrayBuffer hydration process not checking input assumptions properly, which can lead to denial-of-service attacks...
Keras security vulnerabilities
Keras is an open-source deep learning framework with multiple backends. Versions 3.0.0 to 3.13.0 of Keras contain security vulnerabilities. These vulnerabilities stem from the HDF5 weight loading component, which allows resource allocation without limits or throttling. This could allow remote attackers...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002923)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002923 advisory. In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory...
CVE-2026-23498
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not being checked against the allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
CVE-2025-14556 XSS in Drupal 7 Flag Module
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS). This issue affects Flag: from 7.X-3.0 through 7.X-3.9...
org.apache.camel.karaf:camel-neo4j (>=4.10.3 <=4.10.7), org.apache.camel.springboot:camel-neo4j-starter (>=4.10.0 <=4.10.7) potentially affected by CVE-2025-66169 via org.apache.camel:camel-neo4j (>=4.10.0 <=4.10.7)
org.apache.camel:camel-neo4j MAVEN version =4.10.0, =4.10.3, =4.10.0, =4.10.7 Source cves: CVE-2025-66169 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-14930769...