π¨ CVE-2026-15133
Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π@cveNotify
Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 150.0.7871.114/.115 for Windows and Mac and 150.0.7871.114 for Linux, which will roll out over the c...
π¨ CVE-2026-54499
Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load() attempt torch.load(..., weights_only=True) but fall back to torch.load(..., weights_only=False) on attacker-controllable pickle.UnpicklingError, allowing a malicious .pt pretrain or model file to execute arbitrary pickle code when a Stanza NLP pipeline loads it. This issue is fixed in version 1.12.2.
π@cveNotify
Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load() attempt torch.load(..., weights_only=True) but fall back to torch.load(..., weights_only=False) on attacker-controllable pickle.UnpicklingError, allowing a malicious .pt pretrain or model file to execute arbitrary pickle code when a Stanza NLP pipeline loads it. This issue is fixed in version 1.12.2.
π@cveNotify
GitHub
Remove all codepaths that allow for weights_only=False. See https://β¦ Β· stanfordnlp/stanza@b745008
β¦github.com/stanfordnlp/stanza/security/advisories/GHSA-v5jw-96jm-7h2c
π¨ CVE-2026-54772
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF net.tcp, net.pipe, or net.uds framing handshake and pin one server thread-pool worker at full CPU per connection. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF net.tcp, net.pipe, or net.uds framing handshake and pin one server thread-pool worker at full CPU per connection. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Surface premature EOF in net.tcp framing handshake read loops Β· CoreWCF/CoreWCF@03ddbce
The via-decode loop in DuplexFramingMiddleware and SingletonFramingMiddleware
called PipeReader.ReadAsync without checking readResult.IsCompleted and
without passing a cancellation token. When the ...
called PipeReader.ReadAsync without checking readResult.IsCompleted and
without passing a cancellation token. When the ...
π¨ CVE-2026-54773
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Bind WS-Security signature lookup and verification target to the Secu⦠· CoreWCF/CoreWCF@0589692
β¦rity header
Refactor signature verification so an attacker can no longer steer the
receiver into validating the wrong ds:Signature, while still allowing
legitimate signatures that cover addressin...
Refactor signature verification so an attacker can no longer steer the
receiver into validating the wrong ds:Signature, while still allowing
legitimate signatures that cover addressin...
π¨ CVE-2026-54774
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 SecurityToken key identifier and bypass assertion signature verification. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 SecurityToken key identifier and bypass assertion signature verification. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Fix SAML signature bypass when signing token is non-X509 (COREWCF-202β¦ Β· CoreWCF/CoreWCF@65d0902
β¦6-006)
SamlSerializer.ReadToken validates the signature on a SAML 1.1 assertion
in two branches based on the type of signing token resolved by the
out-of-band token resolver:
* X509SecurityTok...
SamlSerializer.ReadToken validates the signature on a SAML 1.1 assertion
in two branches based on the type of signing token resolved by the
out-of-band token resolver:
* X509SecurityTok...
π¨ CVE-2026-54775
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpoint denial of service for attackers with produce permission. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpoint denial of service for attackers with produce permission. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Fix Kafka tombstone halts consume pump Β· CoreWCF/CoreWCF@1a229d0
A Kafka tombstone (Message.Value == null, a legal log-compaction record)
caused KafkaTransportPump.OnConsumeMessage to throw ArgumentNullException
when constructing ReadOnlySequence<byte&...
caused KafkaTransportPump.OnConsumeMessage to throw ArgumentNullException
when constructing ReadOnlySequence<byte&...
π¨ CVE-2026-54776
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Defer remote security creation in PosixIdentity stream upgrade acceptor Β· CoreWCF/CoreWCF@9944312
UnixPosixIdentitySecurityUpgradeAcceptor was eagerly initializing
_remoteSecurity to an empty SecurityMessageProperty in its constructor.
StreamSecurityUpgradeAcceptor.GetRemoteSecurity is document...
_remoteSecurity to an empty SecurityMessageProperty in its constructor.
StreamSecurityUpgradeAcceptor.GetRemoteSecurity is document...
π¨ CVE-2026-54778
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Use reentrant getpwuid_r/getgrgid_r for POSIX identity resolution Β· CoreWCF/CoreWCF@a3d95ea
Replace the non-reentrant getpwuid/getgrgid imports with their _r
variants that take a caller-supplied buffer. The previous
implementation could return inconsistent results when multiple threads
re...
variants that take a caller-supplied buffer. The previous
implementation could return inconsistent results when multiple threads
re...
π¨ CVE-2026-54779
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Make DefaultTokenReplayCache.TryAdd reject duplicates Β· CoreWCF/CoreWCF@3800c4e
IdentityConfiguration.DetectReplayedTokens has been wired into
SamlTokenValidationParameters since the original port (sets
ValidateTokenReplay = true and supplies a TokenReplayCache to the inner
Mi...
SamlTokenValidationParameters since the original port (sets
ValidateTokenReplay = true and supplies a TokenReplayCache to the inner
Mi...
π¨ CVE-2026-54780
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Enforce algorithm suite policy on Reference DigestMethod values Β· CoreWCF/CoreWCF@5874231
WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignatureAsync already calls EnsureAcceptableSignatureKeySize and EnsureAcceptableSignatureAlgorithm against the configured SecurityAlgorithmSuite, b...
π¨ CVE-2026-54781
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate a subject without proving authority over the assertion. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate a subject without proving authority over the assertion. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Validate SAML SubjectConfirmation methods and holder-of-key proof keys Β· CoreWCF/CoreWCF@6a99df3
The inner Microsoft.IdentityModel.Tokens.Saml SamlSecurityTokenHandler does not
enforce that the SubjectConfirmationMethod URIs on incoming assertions belong to
the set defined by SAML 1.1, nor doe...
enforce that the SubjectConfirmationMethod URIs on incoming assertions belong to
the set defined by SAML 1.1, nor doe...
π¨ CVE-2026-54782
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Resolve issuer signing key for SAML token validation Β· CoreWCF/CoreWCF@0b8c8af
Provide an IssuerSigningKeyResolver that returns the X509 key used by the inbound SAML 1.1/2.0 assertion, sourced from the resolved SigningToken or the assertion's KeyInfo X509Data, and req...
π¨ CVE-2026-54783
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1.
π@cveNotify
GitHub
Bind WS-Security signature lookup and verification target to the Secu⦠· CoreWCF/CoreWCF@0589692
β¦rity header
Refactor signature verification so an attacker can no longer steer the
receiver into validating the wrong ds:Signature, while still allowing
legitimate signatures that cover addressin...
Refactor signature verification so an attacker can no longer steer the
receiver into validating the wrong ds:Signature, while still allowing
legitimate signatures that cover addressin...
π¨ CVE-2026-59723
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOM_SECRET is unset for local 127.0.0.1 binds, isAuthorizedBrowserRequest() allows attacker-controlled websites to send desktopCommand frames that read workspace state, mutate MCP and provider settings, and trigger command execution when a provider or model is configured. This issue is fixed in version 3.0.30.
π@cveNotify
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOM_SECRET is unset for local 127.0.0.1 binds, isAuthorizedBrowserRequest() allows attacker-controlled websites to send desktopCommand frames that read workspace state, mutate MCP and provider settings, and trigger command execution when a provider or model is configured. This issue is fixed in version 3.0.30.
π@cveNotify
GitHub
fix(hub): validate dashboard websocket host and origin (#11724) Β· cline/cline@d092709
* fix(hub): validate browser websocket origins
* test(hub): cover websocket host and origin gates
* fix(hub): allow explicit bind host for dashboard socket
* fix(hub): default protect browser ro...
* test(hub): cover websocket host and origin gates
* fix(hub): allow explicit bind host for dashboard socket
* fix(hub): default protect browser ro...
π¨ CVE-2020-23450
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.
π@cveNotify
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.
π@cveNotify
Abuyv
Abuyv is under construction
Just another WordPress site
π¨ CVE-2020-24193
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter.
π@cveNotify
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter.
π@cveNotify
Exploit Database
Daily Tracker System 1.0 - Authentication Bypass
Daily Tracker System 1.0 - Authentication Bypass.. webapps exploit for PHP platform
π¨ CVE-2020-24194
A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter.
π@cveNotify
A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter.
π@cveNotify
Cxsecurity
Daily Tracker System - Reflected Cross Site Scripting (XSS) - CXSecurity.com
hyd3sec has realised a new security note Daily Tracker System - Reflected Cross Site Scripting (XSS)
π¨ CVE-2020-21731
Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the webapplication stores the injected code.
π@cveNotify
Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the webapplication stores the injected code.
π@cveNotify
π¨ CVE-2020-21732
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.
π@cveNotify
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.
π@cveNotify
GitHub
BugReport/CVE-2020-21732 at master Β· Gr3gPr1est/BugReport
Contribute to Gr3gPr1est/BugReport development by creating an account on GitHub.
π¨ CVE-2020-21733
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
π@cveNotify
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
π@cveNotify
GitHub
BugReport/CVE-2020-21733 at master Β· Gr3gPr1est/BugReport
Contribute to Gr3gPr1est/BugReport development by creating an account on GitHub.
π¨ CVE-2020-23451
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
π@cveNotify
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
π@cveNotify
Abuyv
Abuyv is under construction
Just another WordPress site