11 matches found
CVE-2026-29053
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...
CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...
Ghost Injection Vulnerability
Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 0.7.2 to 6.19.0 have a vulnerability related to injections. This vulnerability arises due to specially crafted malicious themes that may execute arbitrary code on the server...
CVE-2025-60537
Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...
EUVD-2021-2093
Malware in sbrugna...
Mio Security Breach
Mio is the Metal I/O library for Rust. A security vulnerability exists in Mio versions from v0.7.2 up to, but not including, v0.8.11, which stems from the return of invalid tokens under certain circumstances, potentially leading to use-after-free...
@christianhugo/mobile-builder (=0.7.3-beta.3), @saltcorn/mobile-builder (>=0.7.2 <=0.7.3-beta.3) potentially affected by unknown CVE via @saltcorn/cli (>=0.7.2-beta.10 <=0.7.3-beta.3)
@saltcorn/cli NPM version =0.7.2-beta.10, =0.7.2, =0.7.3-beta.3 Source cves: unknown CVE Source advisory: OSV:GHSA-WXF3-4FVJ-VQQX...
CVE-2022-46146
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...
CVE-2022-25303
The package whoogle-search before 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the flask.render_template functio...
Libsolv Illegal Address Access Vulnerability
Libsolv is a free package management library. An illegal address access vulnerability exists in the pool_whatprovides function in src/pool.h in libsolv.a in libsolv 0.7.2 and earlier. An attacker can exploit this vulnerability to cause a denial of service...
PT-2018-2666 · Opensuse +4 · Libsolv +4
Name of the Vulnerable Software and Affected Versions: libsolv versions through 0.7.2 Description: The issue is related to errors in resource management, specifically in the pool_whatprovides function of the libsolv library. It may allow a remote attacker to cause a denial of service. However, it...