75081 matches found
CVE-2026-46107
In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalancechildren. If the internal btree node has one entry, the code tries to copy all btree entries from the node's child to the node itself and...
CVE-2026-8363
A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:...
CVE-2026-44346
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom...
CVE-2026-9035
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...
CVE-2026-5260
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...
CVE-2026-9580
A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...
CVE-2025-13755
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-25104
MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability...
CVE-2026-24590
Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23...
CVE-2026-9496
Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...
CVE-2026-9452
A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...
CVE-2026-9436
A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be...
CVE-2026-9404
A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. Th...
CVE-2026-9355
A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...
CVE-2026-8477
Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...
CVE-2026-8672
Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...
CVE-2026-4093
In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...
CVE-2026-1815
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...
CVE-2026-47782
Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...
CVE-2026-40102
Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...
CVE-2026-8771
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...
CVE-2026-8768
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
CVE-2026-45315
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...
CVE-2026-8578
Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-42897
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-32177
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally...
CVE-2026-43894
jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INTMAX-1 2147483646 digits, the D2U macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-by...
CVE-2026-8268
A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPIlistcreate of the component SMF. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informed ...
CVE-2026-8210
A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this...
CVE-2026-42339
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular...
CVE-2026-6659
Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography...
CVE-2026-43278
In the Linux kernel, the following vulnerability has been resolved: dm: clear cloned request bio pointer when last clone bio completes Stale rq-bio values have been observed to cause double-initialization of cloned bios in request-based device-mapper targets, leading to use-after-free and...
CVE-2026-43252
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating this warning: WARNING: net/mptcp/pmkernel.c:1074 at marksubflowendpavailable net/mptcp/pmkernel.c:10...
CVE-2026-7698
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...
CVE-2026-31699
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an invalid length, i.e...
CVE-2026-31698
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due to an invalid length...
CVE-2026-41651
PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transaction flags that...
CVE-2026-26274
October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...
CVE-2026-33822
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
CVE-2026-31423
In the Linux kernel, the following vulnerability has been resolved: net/sched: schhfsc: fix divide-by-zero in rtscmin m2sm converts a u32 slope to a u64 scaled value. For large inputs e.g. m1=4000000000, the result can reach 2^32. rtscmin stores the difference of two such u64 values in a u32...
CVE-2026-3098
The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
CVE-2026-33250
Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...
CVE-2025-71265
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed NTFS image can cause an infinite lo...
CVE-2026-31806
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...
CVE-2026-3497
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not terminate the...
CVE-2026-31974
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint POST /admin/settings/mailnotifications accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists a...
CVE-2026-29074
SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansi...
CVE-2026-28772
A Reflected Cross-Site Scripting XSS vulnerability in the /IDCLogging/index.cgi endpoint of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is...
CVE-2026-20801
Cleartext Transmission of Sensitive Information CWE-319 in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration...
CVE-2026-24772
OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...