13 matches found
CVE-2026-26993
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG or other active content formats such as HTML...
PT-2026-2313
Name of the Vulnerable Software and Affected Versions: Termix versions 1.7.0 through 1.9.0 Description: Termix is a web-based server management platform offering SSH terminal, tunneling, and file editing features. A Stored Cross-Site Scripting (XSS) issue exists in the Termix File Manager component d...
CVE-2025-64784 DNG SDK | Heap-based Buffer Overflow (CWE-122)
DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user...
CVE-2025-64894 DNG SDK | Integer Overflow or Wraparound (CWE-190)
DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this issue to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction ...
jose2go is vulnerable to a JWT bomb attack through its decode function
An issue was discovered in dvsekhvalnov jose2go 1.5.0 through 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via a crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...
AZL-61501 CVE-2025-46327 affecting package telegraf 1.29.4-21
gosnowflake is the Snowflake Golang driver. Versions from 1.7.0 up to but not including 1.13.3 are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and...
WordPress plugin Kahuna Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
Regular Expression Denial of Service (ReDoS)
Overview: AngularJS.Core is an AngularJS package for other Angular modules within .NET. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of...
ACL Write Conflict Vulnerability in Joomla!
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. An ACL write conflict vulnerability exists in Joomla! 1.7.0-3.9.22. The...
Unspecified vulnerability in kube-state-metrics
kube-state-metrics is a service that listens to the Kubernetes API server and generates data about the state of objects. A security vulnerability exists in kube-state-metrics versions 1.7.0 and 1.7.1. An attacker can exploit the vulnerability to disclose sensitive information...
PT-2019-11728 · Jenkins · Jenkins Pipeline Maven Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Maven Integration Plugin versions 1.7.0 and earlier Description: The issue allows attackers who can control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML...
picoTCP Stack Buffer Overflow Vulnerability
picoTCP is a modular open source TCP/IP stack designed for embedded systems and IoT. A stack buffer overflow vulnerability exists in picoTCP versions 1.7.0 through 1.5.0. A remote attacker could exploit this vulnerability to execute code or cause a denial of service...
Apache Ambari Remote Privilege Vulnerability
Apache Ambari is a set of tools for configuring, managing and monitoring Apache Hadoop clusters from the Apache Software Foundation, USA. The tool supports visualization and analysis of job and task execution, support for system alerts, and more. A remote boost vulnerability exists in Apac...