73 matches found

RedhatCVE
added 2026/06/11 2:59 a.m., 10 views

CVE-2026-47905

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

CVSS 6.2 | AI score 5.5 | EPSS 0.00153
Exploits: 0 | References: 1

NVD
added 2026/06/09 10:16 p.m., 14 views

CVE-2026-47902

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

CVSS 6.2 | EPSS 0.00153
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/09 9:21 p.m., 7 views

CVE-2026-34711 CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require...

CVSS 7.5 | AI score 5.5 | EPSS 0.0043
Exploits: 0 | References: 1

CVE
added 2026/06/09 9:21 p.m., 13 views

CVE-2026-47903

CAI Content Credentials (versions [email protected], c2pa-v0.80.1 and earlier) are affected by an Improper Input Validation vulnerability that can crash the application and cause a denial of service. Exploitation does not require user interaction and is described with a local attack vector, no privi...

CVSS 6.2 | AI score 5.5 | EPSS 0.00153
Exploits: 0 | References: 1 | Affected Software: 2

Positive Technologies
added 2026/06/09 12:0 a.m., 11 views

PT-2026-48285

Name of the Vulnerable Software and Affected Versions: CAI Content Credentials versions [email protected] and c2pa-v0.80.1 and earlier. Description: An uncontrolled resource consumption issue allows an attacker to exhaust system resources, leading to an application denial-of-service condition. This...

CVSS 6.2 | AI score 5.2 | EPSS 0.00153
Exploits: 0 | References: 4

Positive Technologies
added 2026/06/09 12:0 a.m., 10 views

PT-2026-48282

Name of the Vulnerable Software and Affected Versions: CAI Content Credentials versions [email protected] and earlier; CAI Content Credentials version c2pa-v0.80.1. Description: An integer overflow or wraparound occurs, which can be exploited by an attacker to crash the application. This leads to a...

CVSS 7.5 | AI score 5.5 | EPSS 0.0043
Exploits: 0 | References: 4

Tenable Nessus
added 2026/05/09 12:0 a.m., 6 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1696)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1696 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized...

CVSS 7.5 | AI score 6.9 | EPSS 0.16212
Exploits: 2 | References: 12

NVD
added 2026/03/03 8:16 p.m., 8 views

CVE-2024-55020

A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges...

CVSS 9.8 | EPSS 0.01665
Exploits: 0 | References: 2

EUVD
added 2026/03/03 12:0 a.m., 3 views

EUVD-2024-55458

Incorrect access control in the component downloadwb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attackers to download arbitrary files...

CVSS 6.5 | AI score 6 | EPSS 0.00294
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/03 12:0 a.m., 4 views

PT-2026-22776

Incorrect access control in the component download wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attackers to download arbitrary files...

CVSS 6.5 | AI score 6 | EPSS 0.00294
Exploits: 0 | References: 2

OpenVAS
added 2025/11/05 12:0 a.m., 3 views

Pi-hole Ad-Blocker Detection Consolidation

Consolidation of Pi-hole Ad-Blocker detections. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 5.2
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2023-27560

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00688
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-43919

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00507
Exploits: 0 | References: 1

NVD
added 2025/08/15 4:15 p.m., 7 views

CVE-2025-8066

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Bunkerity Bunker Web on Linux allows Phishing. This issue affects Bunker Web: 1.6.2...

CVSS 4.8 | EPSS 0.00402
Exploits: 0 | References: 3

CVE
added 2025/08/13 12:0 a.m., 22 views

CVE-2025-45315

CVE-2025-45315 describes an XSS vulnerability in hortusfox-web v4.4 via the /controller/admin.php endpoint, exploitable by injecting a crafted payload into the email parameter to execute JavaScript in a user’s browser. The underlying cause is misuse/insufficient sanitization of the email input, e...

CVSS 5.4 | AI score 6 | EPSS 0.00246
Exploits: 1 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/05/23 2:15 a.m., 8 views

CVE-2023-3243

UNSUPPORTED WHEN ASSIGNED An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a...

CVSS 9.8 | AI score 7 | EPSS 0.00507
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:28 p.m., 11 views

CVE-2020-28401

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to...

CVSS 6.5 | AI score 6.8 | EPSS 0.01306
Exploits: 0 | References: 1

BDU FSTEC
added 2025/01/06 12:0 a.m., 5 views

The vulnerability of the document viewer library in the web version of the eXpress communication system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the document viewer library in the web version of the eXpress communication system is due to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code by sending a specially crafted file...

CVSS 9 | AI score 5.9
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2024/11/13 12:0 a.m., 12 views

FreeBSD : element-web -- several vulnerabilities (ab4e6f65-a142-11ef-84e9-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ab4e6f65-a142-11ef-84e9-901b0e9408dc advisory. Element team reports: Versions of Element Web and Desktop earlier than 1.11.85 do not check if...

CVSS 5 | AI score 5.6 | EPSS 0.00476
Exploits: 0 | References: 5

Vulnrichment
added 2024/02/19 7:56 p.m., 17 views

CVE-2024-25640 Improper Neutralization of Alternate XSS Syntax in iris-web

Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...

CVSS 4.6 | AI score 5.3 | EPSS 0.00337
Exploits: 0 | References: 1