π¨ CVE-2024-36600
Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.
π@cveNotify
Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.
π@cveNotify
π¨ CVE-2023-23357
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.5.0.738 ( 2023/03/06 ) and later
QuLog Center 1.4.1.691 ( 2023/03/01 ) and later
QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
π@cveNotify
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.5.0.738 ( 2023/03/06 ) and later
QuLog Center 1.4.1.691 ( 2023/03/01 ) and later
QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
π@cveNotify
π¨ CVE-2025-26627
Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.
π@cveNotify
Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-30899
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3.
π@cveNotify
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress User Registration Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-8944
The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod` setting.
π@cveNotify
The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod` setting.
π@cveNotify
WPScan
OceanWP < 4.1.2 - Subscriber+ Limited Option Update
See details on OceanWP < 4.1.2 - Subscriber+ Limited Option Update CVE 2025-8944. View the latest Theme Vulnerabilities on WPScan.
π¨ CVE-2025-55089
In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets
π@cveNotify
In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets
π@cveNotify
GitHub
Eclipse ThreadX FileX RAM disk driver buffer overflow vulnerability
### Summary
A buffer overflow vulnerability exists in the FileX RAM disk driver functionality of Eclipse ThreadX FileX git commit 1b85eb2. A specially crafted set of network packets can lead to ...
A buffer overflow vulnerability exists in the FileX RAM disk driver functionality of Eclipse ThreadX FileX git commit 1b85eb2. A specially crafted set of network packets can lead to ...
π¨ CVE-2026-23492
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to database information disclosure. This vulnerability is fixed in 12.3.1 and 11.5.14.
π@cveNotify
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to database information disclosure. This vulnerability is fixed in 12.3.1 and 11.5.14.
π@cveNotify
GitHub
Remove sql comments and add different exception on syntax error (#14972) Β· pimcore/pimcore@25ad867
Core Framework for the Open Core Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce) - Remove sql comments and add different exception on syntax error (#14972) Β· pimcore/pimcore@25ad867
π¨ CVE-2026-23493
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14.
π@cveNotify
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14.
π@cveNotify
GitHub
[Security]: Remove and disable sensitive data log in http error Log β¦ Β· pimcore/pimcore@002ec7d
β¦(#18918)
* Remove sensitive data from error logging
Removed logging of POST parameters, cookies, and server variables.
* create migration
* further cleanup
* typo
* typo
* Remove sensitive data from error logging
Removed logging of POST parameters, cookies, and server variables.
* create migration
* further cleanup
* typo
* typo
π¨ CVE-2026-23494
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. These routes are registered automatically through the PimcoreStaticRoutesBundle and integrated into the MVC routing system. Testing revealed that an authenticated backend user lacking explicit permissions was able to invoke the endpoint (e.g., GET /api/static-routes) and retrieve sensitive route configurations. This vulnerability is fixed in 12.3.1 and 11.5.14.
π@cveNotify
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. These routes are registered automatically through the PimcoreStaticRoutesBundle and integrated into the MVC routing system. Testing revealed that an authenticated backend user lacking explicit permissions was able to invoke the endpoint (e.g., GET /api/static-routes) and retrieve sensitive route configurations. This vulnerability is fixed in 12.3.1 and 11.5.14.
π@cveNotify
GitHub
[Bug]: Fix Static Route permission by kingjia90 Β· Pull Request #18893 Β· pimcore/pimcore
Changes in this pull request
Resolves #
Additional info
Looking at
pimcore/bundles/StaticRoutesBundle/public/js/startup.js
Line 25
in
df14e02
...
Resolves #
Additional info
Looking at
pimcore/bundles/StaticRoutesBundle/public/js/startup.js
Line 25
in
df14e02
...
π¨ CVE-2023-23354
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.5.0.738 ( 2023/03/06 ) and later
QuLog Center 1.4.1.691 ( 2023/03/01 ) and later
QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
π@cveNotify
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.5.0.738 ( 2023/03/06 ) and later
QuLog Center 1.4.1.691 ( 2023/03/01 ) and later
QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
π@cveNotify
π¨ CVE-2026-0905
Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
π@cveNotify
Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 144 to the stable channel for Windows, Mac and Linux. This will roll out ov...
π¨ CVE-2025-11468
When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.
π@cveNotify
When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.
π@cveNotify
GitHub
Fix folding of long comments of unfoldable characters in email headers Β· Issue #143935 Β· python/cpython
Linked PRs gh-143936 gh-144034 gh-144035 gh-144036 gh-144037
π¨ CVE-2025-15282
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
π@cveNotify
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
π@cveNotify
GitHub
Reject control characters in data: URL mediatypes Β· Issue #143925 Β· python/cpython
Linked PRs gh-143926 gh-144084
π¨ CVE-2025-15366
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
π@cveNotify
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
π@cveNotify
GitHub
Reject control characters in IMAP commands Β· Issue #143921 Β· python/cpython
Linked PRs gh-143922
π¨ CVE-2025-15367
The poplib module, when passed a user-controlled command, can have
additional commands injected using newlines. Mitigation rejects commands
containing control characters.
π@cveNotify
The poplib module, when passed a user-controlled command, can have
additional commands injected using newlines. Mitigation rejects commands
containing control characters.
π@cveNotify
GitHub
Reject control characters in POP3 commands Β· Issue #143923 Β· python/cpython
Linked PRs gh-143924
π¨ CVE-2025-11468
When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.
π@cveNotify
When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.
π@cveNotify
GitHub
gh-143935: Email preserve parens when folding comments (#143936) Β· python/cpython@17d1490
Fix a bug in the folding of comments when flattening an email message
using a modern email policy. Comments consisting of a very long sequence of
non-foldable characters could trigger a forced line...
using a modern email policy. Comments consisting of a very long sequence of
non-foldable characters could trigger a forced line...
π¨ CVE-2025-15282
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
π@cveNotify
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
π@cveNotify
GitHub
gh-143925: Reject control characters in data: URL mediatypes Β· python/cpython@f25509e
The Python programming language. Contribute to python/cpython development by creating an account on GitHub.
π¨ CVE-2025-15366
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
π@cveNotify
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
π@cveNotify
GitHub
gh-143921: Reject control characters in IMAP commands Β· python/cpython@6262704
The Python programming language. Contribute to python/cpython development by creating an account on GitHub.
π¨ CVE-2025-15367
The poplib module, when passed a user-controlled command, can have
additional commands injected using newlines. Mitigation rejects commands
containing control characters.
π@cveNotify
The poplib module, when passed a user-controlled command, can have
additional commands injected using newlines. Mitigation rejects commands
containing control characters.
π@cveNotify
GitHub
gh-143923: Reject control characters in POP3 commands Β· python/cpython@b234a2b
The Python programming language. Contribute to python/cpython development by creating an account on GitHub.
π¨ CVE-2026-0672
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
π@cveNotify
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
π@cveNotify
GitHub
gh-143919: Reject control characters in http cookies Β· python/cpython@95746b3
Co-authored-by: Bartosz SΕawecki <bartosz@ilikepython.com>
Co-authored-by: sobolevn <mail@sobolevn.me>
Co-authored-by: sobolevn <mail@sobolevn.me>
π¨ CVE-2026-0865
User-controlled header names and values containing newlines can allow injecting HTTP headers.
π@cveNotify
User-controlled header names and values containing newlines can allow injecting HTTP headers.
π@cveNotify
GitHub
[3.13] gh-143916: Reject control characters in wsgiref.headers.Header⦠· python/cpython@22e4d55
β¦s (GH-143917) (#143973)
gh-143916: Reject control characters in wsgiref.headers.Headers (GH-143917)
* Add 'test.support' fixture for C0 control characters
* gh-143916: Reject co...
gh-143916: Reject control characters in wsgiref.headers.Headers (GH-143917)
* Add 'test.support' fixture for C0 control characters
* gh-143916: Reject co...