Aggregator

A vulnerability marked as critical has been reported in stb 2.27. Impacted is the function stbi__jpeg_load of the file stb_image.h. Performing a manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2021-37789. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability was found in stb 2.26 and classified as critical. This issue affects the function stbi__extend_receive of the file stb_image.h of the component JPEG File Handler. Such manipulation leads to buffer overflow. This vulnerability is documented as CVE-2021-28021. The attack requires being on the local network. There is not any exploit available.

A vulnerability classified as problematic has been found in PHP Jabbers Time Slots Booking Calendar 4.0. This impacts an unknown function. Performing a manipulation of the argument name/plugin_sms_api_key/plugin_sms_country_code/calendar_id/title/country name/customer_name results in basic cross site scripting. This vulnerability was named CVE-2023-48827. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in GaatiTrack Courier Management System 1.0. It has been rated as critical. This vulnerability affects unknown code of the file ajax.php of the component Login. Performing a manipulation of the argument email results in sql injection. This vulnerability is reported as CVE-2023-48823. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in PHP Jabbers Time Slots Booking Calendar 4.0. The impacted element is an unknown function of the component Reservations List Handler. The manipulation results in csv injection. This vulnerability is reported as CVE-2023-48826. The attacker must have access to the local network to execute the attack. No exploit exists.

A vulnerability has been found in Availability Booking Calendar 5.0 and classified as problematic. Impacted is an unknown function. Performing a manipulation of the argument SMS API Key/Default Country Code results in basic cross site scripting. This vulnerability is identified as CVE-2023-48825. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in BoidCMS 2.0.1. It has been rated as problematic. This impacts an unknown function. This manipulation of the argument title/subtitle/footer/keywords causes cross site scripting. This vulnerability is registered as CVE-2023-48824. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as critical has been identified in kkFileView 4.3.0. Impacted is an unknown function. Executing a manipulation can lead to improper access controls. This vulnerability is registered as CVE-2023-48815. The attack requires access to the local network. No exploit is available.

Currently trending CVE - Hype Score: 8 - Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Cybercrime group ShinyHunters leaked the full Odido dataset, the Netherlands is facing the biggest data leak in its history. Odido is a Dutch telecommunications company and one of the largest mobile network operators in the Netherlands. It was formed when T-Mobile Netherlands and Tele2 were rebranded as Odido in 2023 after private equity firms Apax Partners and Warburg Pincus […]

A vulnerability marked as critical has been reported in WP Mail Logging Plugin up to 1.15.0 on WordPress. The affected element is the function maybe_unserialize of the component Log Message Handler. The manipulation leads to deserialization. This vulnerability is listed as CVE-2026-2471. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in Tutor LMS Plugin up to 3.9.4/3.9.6 on WordPress. The impacted element is an unknown function. The manipulation of the argument coupon_code results in sql injection. This vulnerability is cataloged as CVE-2025-13673. The attack may be launched remotely. There is no exploit available.

OpenSSF и участники экосистем обсуждают обязательные взносы для компаний, которые используют open source-инфраструктуру в промышленных масштабах.

A vulnerability was found in Linux Kernel up to 6.0.6. It has been classified as critical. This affects the function nsim_drv_probe of the component netdevsim. This manipulation causes memory leak. This vulnerability is registered as CVE-2022-50500. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.1. This affects the function binfmt_misc. The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2022-50497. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.