Lucene search
K

1137 matches found

OSV
OSV
added 2026/06/24 1:11 p.m.4 views

OESA-2026-2711 libsndfile security update

Libsndfile is a C library for reading and writing files containing sampled sound such as MS Windows WAV and the Apple/SGI AIFF format through one standard library interface. Security Fixes: An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path line 241 was fixed with...

8.2CVSS6.2AI score0.00504EPSS
Exploits1References2
Imperva Blog
Imperva Blog
added 2026/06/15 8:58 a.m.29 views

Best WAAP Solutions for Enterprise Application Security: How to Choose the Right Platform in 2026

Key Takeaways The major enterprise WAAP solutions evaluated in this guide are Akamai, Cloudflare, F5, Fastly, Fortinet, Imperva, and Radware. In the most recent independent benchmarks, Akamai, Cloudflare, and Imperva were named Leaders in the Forrester Wave: Web Application Firewall Solutions, Q1...

5.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/11 6:43 a.m.9 views

libsndfile: integer overflow in ima_reader_init()

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...

8.2CVSS5.6AI score0.00504EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2026/06/08 11:2 p.m.8 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2346 more potentially affected by CVE-2026-45673 via io.netty:netty-resolver-dns (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-resolver-dns MAVEN version =4.2.0.Final, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-45673 Source advisory: OSV:GHSA-XMV7-R254-6Q78...

6.8CVSS5.7AI score0.00256EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 10:59 p.m.6 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +1044 more potentially affected by CVE-2026-44894 via io.netty:netty-codec-classes-quic (>=4.2.10.Final <=4.2.14.Final)

io.netty:netty-codec-classes-quic MAVEN version =4.2.10.Final, =0.1.0, =0.1.0, =0.0.1-alfa, =0.0.1-demo, =6.0.1, =4.0.3-M1, =1.21.9, =1.0.5, =3.6.4, =1.0.1, =26.2.1, =26.6.1 and more Source cves: CVE-2026-44894 Source advisory: OSV:GHSA-CMM3-54F8-PX4J...

7.5CVSS5.7AI score0.00143EPSS
Exploits0
EUVD
EUVD
added 2026/06/05 8:16 p.m.16 views

EUVD-2026-34916

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

8.4CVSS6AI score0.00159EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5506

The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wave shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 5:49 p.m.11 views

EUVD-2026-34870

Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval, allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview window.eval and presentation mode plus HTML export the bundled WaveDrom.ProcessAll/ev...

8.8CVSS5.8AI score0.00362EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-45928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: chips-media: wave5: Fix memory leak on codecinfo allocation failure In wave5vpuopenenc and wave5vpuopendec, a vpu instance is allocated via kzalloc. If t...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References2
NVD
NVD
added 2026/06/02 2:16 p.m.11 views

CVE-2026-39553

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 12:41 p.m.39 views

CVE-2026-39553 WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS0.00334EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 12:41 p.m.21 views

CVE-2026-39553

CVE-2026-39553 concerns WordPress WaveRide theme versions up to 1.4, due to improper control of the filename for include/require in a PHP program, enabling Local File Inclusion (LFI). Affected software: WaveRide theme (Select-Themes) with PHP-based inclusion vulnerability. Root cause: inadequate ...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 12:41 p.m.10 views

CVE-2026-39553

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 8:57 a.m.44 views

CVE-2026-49201

The CVE-2026-49201 entry concerns Acer Wave 7 routers (upload.cgi handling device backups) with a hardcoded AES encryption key. The underlying issue is a fixed cryptographic key embedded in the backup processing binary, enabling an attacker to decrypt, modify, and re-encrypt backups, which can fa...

10CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 8:57 a.m.10 views

CVE-2026-49201 Acer Wave 7 router: Hardcoded Cryptographic Key

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

10CVSS5.8AI score0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 8:57 a.m.51 views

CVE-2026-49201 Acer Wave 7 router: Hardcoded Cryptographic Key

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

10CVSS0.00262EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 8:51 a.m.13 views

CVE-2026-49200 Acer Wave 7 router: Broken Access Control

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

10CVSS5.8AI score0.00518EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 8:51 a.m.48 views

CVE-2026-49200

The CVE-2026-49200 entry affects Acer Wave 7 router firmware. The root issue is that the acer_cgi.log file is accessible without authentication via the web interface, and this log contains cleartext credentials for web and Telnet. This exposure can lead to unauthorized system access and high impa...

10CVSS5.8AI score0.00518EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/29 8:51 a.m.51 views

CVE-2026-49200 Acer Wave 7 router: Broken Access Control

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

10CVSS0.00518EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Acer Wave 7 router 安全漏洞

The Acer Wave 7 router is a three-band wireless router from Acer, a company based in Taiwan, China. The Acer Wave 7 router has a security vulnerability. This vulnerability arises from the acercgi.log file, which can be accessed via a web interface without authentication, containing plaintext logi...

10CVSS5.8AI score0.00518EPSS
Exploits0References1
Rows per page
Query Builder