Skip to content

Menu
  • Home
Menu

CVE-2026-10130 – QueryWeaver Authentication Bypass via Email Signup Token Issuance for Existing Accounts

Posted on July 19, 2026

CVE ID :CVE-2026-10130 Published : July 18, 2026, 11:17 p.m. | 1 hour, 18 minutes ago Description :QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain valid session tokens for existing…

CVE-2026-12228 – Stored XSS in Direct Messages via Prompt Sharing in parisneo/lollms

Posted on July 19, 2026

CVE ID :CVE-2026-12228 Published : July 18, 2026, 9:17 p.m. | 3 hours, 18 minutes ago Description :A stored cross-site scripting (XSS) vulnerability exists in the `POST /api/prompts/share` endpoint of parisneo/lollms (latest version). The…

CVE-2026-9323 – Insecure PRNG and Information Exposure in urwid Web Display Backend

Posted on July 19, 2026

CVE ID :CVE-2026-9323 Published : July 18, 2026, 2:17 p.m. | 10 hours, 18 minutes ago Description :The urwid web display backend (urwid/display/web.py) generates web session identifiers (urwid_id) in Screen.start() by concatenating two random.randrange(10**9)…

CVE-2026-16117 – @fastify/http-proxy vulnerable to prefix escape via URL-encoded characters

Posted on July 19, 2026

CVE ID :CVE-2026-16117 Published : July 18, 2026, 2:17 p.m. | 10 hours, 18 minutes ago Description :Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix…

CVE-2026-11826 – OpenPLC_v3 Heap-Based Buffer Overflow in Modbus Master getData()

Posted on July 19, 2026

CVE ID :CVE-2026-11826 Published : July 18, 2026, 2:17 p.m. | 10 hours, 18 minutes ago Description :OpenPLC_v3 contains a heap-based buffer overflow in the getData() function in webserver/core/modbus_master.cpp. getData() reads characters between two…

CVE-2026-55518 – Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation

Posted on July 18, 2026

CVE ID :CVE-2026-55518 Published : July 17, 2026, 9:17 p.m. | 3 hours, 17 minutes ago Description :Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and…

CVE-2026-54498 – view_component: around_render HTML-Safety Bypass

Posted on July 18, 2026

CVE ID :CVE-2026-54498 Published : July 17, 2026, 9:17 p.m. | 3 hours, 17 minutes ago Description :view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From…

CVE-2026-54466 – websocket-driver: Message corruption via abuse of protocol length headers

Posted on July 18, 2026

CVE ID :CVE-2026-54466 Published : July 17, 2026, 9:17 p.m. | 3 hours, 17 minutes ago Description :websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.7.5, the frame format in draft…

CVE-2026-54159 – ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE

Posted on July 18, 2026

CVE ID :CVE-2026-54159 Published : July 17, 2026, 9:17 p.m. | 3 hours, 17 minutes ago Description :PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the ps_facetedsearch module…

CVE-2026-53727 – css_parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`

Posted on July 18, 2026

CVE ID :CVE-2026-53727 Published : July 17, 2026, 9:17 p.m. | 3 hours, 17 minutes ago Description :css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parser#read_remote_file in lib/css_parser/parser.rb, and therefore load_uri! and…

Posts pagination

1 2 … 113 Next

Site map

  • About Us
  • Privacy Policy
  • Terms & Conditions of Use
©2026 | Design: Newspaperly WordPress Theme