๐จ CVE-2026-58303
Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.
This issue affects Escargot: before b30b63fc63b403907d8137da1c65aaa4521fe74e.
๐@cveNotify
Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.
This issue affects Escargot: before b30b63fc63b403907d8137da1c65aaa4521fe74e.
๐@cveNotify
GitHub
Various reports ยท Issue #1571 ยท Samsung/escargot
Escargot (please complete the following information): OS: Ubuntu 25.04 Revision 4751494 report.md
๐จ CVE-2026-58304
Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.
This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a.
๐@cveNotify
Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.
This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a.
๐@cveNotify
GitHub
OOB in ArrayBuffer.prototype.transfer ยท Issue #1573 ยท Samsung/escargot
Escargot (please complete the following information): OS: Ubuntu 25.04 Revision 4751494 Debug: CC=clang CXX=clang++ cmake -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=shell -GNinja Describe the bug OOB ...
๐จ CVE-2026-58305
Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.
This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a.
๐@cveNotify
Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.
This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a.
๐@cveNotify
GitHub
Type Confusion in arrayDefineOwnPropertyBySpreadElementOperation ยท Issue #1574 ยท Samsung/escargot
Escargot (please complete the following information): OS: Ubuntu 25.04 Revision [4751494] Note: works on latest revision Describe the bug Object Layout confusion in arrayDefineOwnPropertyBySpreadEl...
๐จ CVE-2026-58306
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.
This issue affects Escargot: before ef525f337fafddecde77a3c426212a84bb20cb98.
๐@cveNotify
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.
This issue affects Escargot: before ef525f337fafddecde77a3c426212a84bb20cb98.
๐@cveNotify
GitHub
Heap Buffer Overflow in Escargot::Interpreter::interpret ยท Issue #1576 ยท Samsung/escargot
Escargot (please complete the following information): OS: Ubuntu 25.04 Revision 4751494 Note: works also in latest revision Code: function F0() { if (!new.target) { throw 'must be called with n...
๐จ CVE-2026-58307
Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation.
This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c.
๐@cveNotify
Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation.
This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c.
๐@cveNotify
GitHub
Various reports ยท Issue #1577 ยท Samsung/escargot
Escargot (please complete the following information): OS: Ubuntu 25.04 Revision d6aae07 How to build Escargot: git clone https://github.com/Samsung/escargot git submodule update --init third_party ...
๐จ CVE-2026-9028
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to cancel any WooCommerce order placed via the CorvusPay payment method by supplying an arbitrary order number to the /wp-json/corvuspay/cancel/ REST endpoint.
๐@cveNotify
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to cancel any WooCommerce order placed via the CorvusPay payment method by supplying an arbitrary order number to the /wp-json/corvuspay/cancel/ REST endpoint.
๐@cveNotify
๐จ CVE-2026-15184
A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg_next_entity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument next_obj results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used. Upgrading to version 0.14 is sufficient to resolve this issue. The patch is named dde45dac3c4d902e4d8fed150a8017b9732019c9. Upgrading the affected component is recommended. Different than CVE-2026-9503.
๐@cveNotify
A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg_next_entity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument next_obj results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used. Upgrading to version 0.14 is sufficient to resolve this issue. The patch is named dde45dac3c4d902e4d8fed150a8017b9732019c9. Upgrading the affected component is recommended. Different than CVE-2026-9503.
๐@cveNotify
GitHub
CVE-Repos/libredwg/libredwg_0b57303_dwggrep_segv_null_read_dwg_next_entity_dwg.c_1231.dwg at main ยท HackC0der/CVE-Repos
Contribute to HackC0der/CVE-Repos development by creating an account on GitHub.
๐จ CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
๐@cveNotify
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
๐@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
๐จ CVE-2021-25297
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
๐@cveNotify
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
๐@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
๐จ CVE-2021-25298
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
๐@cveNotify
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
๐@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
๐จ CVE-2026-48950
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
๐@cveNotify
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
๐@cveNotify
Joomla! Developer Networkโข
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
๐จ CVE-2026-48951
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
๐@cveNotify
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
๐@cveNotify
Joomla! Developer Networkโข
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
๐จ CVE-2026-48952
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
๐@cveNotify
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
๐@cveNotify
Joomla! Developer Networkโข
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
๐จ CVE-2026-48953
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
๐@cveNotify
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
๐@cveNotify
Joomla! Developer Networkโข
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
๐จ CVE-2026-48954
Improper validation leads to a generic XSS vector in the language override feature.
๐@cveNotify
Improper validation leads to a generic XSS vector in the language override feature.
๐@cveNotify
Joomla! Developer Networkโข
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
๐จ CVE-2021-42237
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
๐@cveNotify
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
๐@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
๐จ CVE-2022-26258
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
๐@cveNotify
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
๐@cveNotify
๐จ CVE-2023-38950
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime.
๐@cveNotify
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime.
๐@cveNotify
Claroty
CVE-2023-38950
๐จ CVE-2024-41597
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful attack technique. Also, the submitted comments are, by default, held for moderator review.
๐@cveNotify
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful attack technique. Also, the submitted comments are, by default, held for moderator review.
๐@cveNotify
Gist
CVE-2024-41597
CVE-2024-41597. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2026-48948
An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.
๐@cveNotify
An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.
๐@cveNotify
Joomla! Developer Networkโข
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
๐จ CVE-2026-13126
The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing.
๐@cveNotify
The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing.
๐@cveNotify
Foxit
Security Bulletins | Foxit
A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software.