CVE-2026-40481

In monetr, versions 1.12.3 and earlier expose a denial-of-service risk where the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. An unauthenticated remote attacker can send oversized POST payloads to trigger uncontrolled memory gr...

Linux Distros Unpatched Vulnerability : CVE-2022-21682

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6...

WordPress plugin Advanced WordPress Backgrounds 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

SUSE CVE-2022-21682

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies finish-args last in the build. At this point the build directory will have the full access that is specified in the...

Google Kubernetes Privilege Access Control Vulnerability

Google Kubernetes is an open source Docker container cluster management system from Google, Inc. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A privilege access control vulnerability exists in Google...

wesnoth: information leakage

Wesnoth implements a text preprocessing language that is used in conjunction with its own game scripting language. It also has a built-in Lua interpreter and API. Both the Lua API and the preprocessor make use of the same function filesystem::getwmllocation to resolve file paths so that only...