| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions. |
| The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code fields, allowing administrators on multisite installations (or single-site installs with DISALLOW_UNFILTERED_HTML defined) to inject arbitrary JavaScript that executes for any visitor of pages embedding the affected block. |
| A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the input length reaches the buffer size. During upgrade handling the buffer is copied to a local stack buffer and passed to strlen(); if no NUL exists in-bounds, strlen() reads beyond the stack buffer and subsequent concatenation with the WebSocket magic string can write out of bounds. This leads to out-of-bounds read and write on stack memory, resulting in crash (denial of service) and potentially code execution. The path is reachable when CONFIG_HTTP_SERVER_WEBSOCKET is enabled. |
| A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3492 build 20260507 and later
QuTS hero h5.2.9.3499 build 20260514 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3500 build 20260520 and later |
| DBI versions before 1.648 for Perl saved errors in a limited-sized buffer.
Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit.
Attackers that can influence the error text in an application can trigger a buffer overflow. |
| Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb.
Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory (the "HTTP/2 bomb").
The headers_decode method materialises a full key+value copy per indexed reference with no running size check, and the stream_header_block_add method appends (since version 1.12) every CONTINUATION frame to the per-stream buffer unbounded.
MAX_HEADER_LIST_SIZE (default 65536) is advertised in SETTINGS but never consulted on decode. It is absent from the decoder and from the :limits export tag. |
| Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability. |
| DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability. |
| Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
| Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability. |
| Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability. |
| Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality. |
| UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. |
| UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. |
| DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability. |
