38410 matches found
CVE-2018-25224 PMS 0.42 Stack-Based Buffer Overflow via Configuration File
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute she...
Exploit for CVE-2025-31337
CVE-2025-31337 Security Advisory CVE ID: CVE-2025-313...
EUVD-2026-16905
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2026-4987
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2026-4987
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2026-4987
The CVE affects the SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress (all versions up to 2.5.2). The root cause is that create_payment_intent() validates the payment amount using a user-controlled parameter, enabling unauthenticated attackers to bypass confi...
[SECURITY] Fedora 42 Update: dotnet9.0-9.0.115-1.fc42
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
SUSE CVE-2026-32953
Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets USS to be silently ignored, producing the same Compound Device Identifier CDI-and thus the same key...
SUSE CVE-2026-33313
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, an authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to...
SUSE CVE-2026-33535
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 display interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue...
PT-2026-28706
Name of the Vulnerable Software and Affected Versions SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress versions up to and including 2.5.2 Description The SureForms plugin is susceptible to a Payment Amount Bypass issue. This occurs because the create payment...
Security update for tomcat11 (important)
openSUSE security update: security update for tomcat11 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20414-1 Rating: important References: bsc1253460 bsc1258371 bsc1258385 bsc1258387 Cross-References: CVE-2025-66614 CVE-2026-24733 CVE-2026-24734...
Security update for vim (important)
openSUSE security update: security update for vim ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20403-1 Rating: important References: bsc1246602 bsc1258229 bsc1259051 Cross-References: CVE-2025-53906 CVE-2026-26269 CVE-2026-28417 CVSS scores:...
EUVD-2026-16324
path-to-regexp vulnerable to Denial of Service via sequential optional groups...
CVE-2026-33979
Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...
CVE-2026-33891
A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service DoS. When the BigInteger.modInverse function is called with a zero value, it ente...
CVE-2026-33891
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...
CVE-2026-33875
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33891
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...