| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible |
| rz-libdemangle is a Rizin library for demangling symbols. Prior to 6bf56d3, the Rust demangler in src/rust/rust_v0.c can perform an out-of-bounds read when the demangler structure is not yet initialized. This issue is fixed in commit 6bf56d3. |
| OpENer 2.3.0 (master branch up to commit 76b95cf) is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages (SendUnitData). |
| EIPStackGroup OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser to continue reading fields even when request data is insufficient. This issue is remotely triggerable via network traffic and does not require authentication. |
| Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library.
Image::EPEG includes Epeg 0.9.0 that was last updated in 2004.
Epeg is a fast JPEG thumbnail library that was once part of the Englightenment Project. |
| Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally. |
| Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally. |
| Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network. |
| An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker in possession of a valid web filter override token to inject arbitrary headers via tricking a user into clicking on a crafted link. |
| An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker able to intercept and modify a user's captive portal authentication request to inject arbitrary headers via crafted HTTP requests. |
| NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. In 2.0.59 and earlier, NocoBase @nocobase/plugin-collection-sql used the checkSQL() function in packages/plugins/@nocobase/plugin-collection-sql/src/server/utils.ts with an incomplete keyword blacklist that did not restrict PostgreSQL system catalog tables such as pg_shadow, pg_roles, and pg_stat_activity, allowing an admin-role user to read password hashes and database metadata through the SQL Collection feature. This vulnerability is fixed in 2.1.0-alpha.46. |
| Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack. |
| Integer underflow (wrap or wraparound) in Windows Kernel allows an authorized attacker to disclose information locally. |
| Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with is_safe => [all], causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly escaped. This issue is fixed in version 3.26.0. |
| Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally. |
| Buffer over-read in Windows Kernel allows an authorized attacker to disclose information locally. |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts() or allowMediaHosts() because UrlSanitizer::parse() follows RFC 3986 while browsers follow WHATWG URL parsing, and because <area href> is checked against the media policy rather than the link policy. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12. |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. |
| Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally. |