CVE Vulnerabilities - 17 May 2026
395 vulnerabilities published on 17 May 2026
Debian Linux: Remote Code Execution in Samba
DEBIAN-CVE-2026-8721
Debian Linux users who use Samba for file sharing may be at risk of remote code execution attacks. This means an attacker could potentially take control of a vulnerable system. Users should update the...
9.8
Perl Crypt::OpenSSL::PKCS12 truncates passwords with embedded NULLs
CVE-2026-8721
Perl's Crypt::OpenSSL::PKCS12 module, used for secure password handling, incorrectly truncates passwords that contain NULL characters. This can lead to reduced security for passwords that include spec...
9.8
Debian Linux: Unauthenticated Remote Code Execution
DEBIAN-CVE-2026-8507
Debian Linux systems are affected. An attacker can remotely execute code on a vulnerable system without needing a password. This can lead to unauthorized access and data theft. Users should update the...
9.8
Perl Crypt::OpenSSL::PKCS12: Large File Parsing Risk
CVE-2026-8507
Perl's Crypt::OpenSSL::PKCS12 module is vulnerable to a security risk when parsing large files. This could allow an attacker to potentially execute malicious code on your system. Update to the latest ...
9.8
Peugeot Music 1.0 allows attackers to upload malicious files
CVE-2018-25335
The Peugeot Music WordPress plugin is vulnerable to a file upload issue. This means attackers can upload malicious files without needing a password, which could lead to security problems. To stay safe...
9.3
GitBucket 4.23.1 allows attackers to execute arbitrary system commands
CVE-2018-25332
GitBucket users are at risk of unauthorized code execution. Attackers can use weak secret tokens and upload malicious files to execute system commands. Update to a patched version to prevent this risk...
9.3
ACL Analytics versions 11.x - 13.0.0.579 allow attackers to run malicious commands
CVE-2018-25320
Some versions of ACL Analytics have a security weakness that could allow attackers to run their own commands on the system, potentially gaining control. This means that sensitive data could be accesse...
9.3
h2o-3 JAR Handler Import Vulnerability to Remote Deserialization
CVE-2026-8751
An attacker can remotely exploit a security flaw in h2o-3's JAR Handler, allowing them to potentially take control of your system. This affects versions up to 7402. We recommend updating to the latest...
5.5
Adenhq Hive 0.11.0 Path Traversal Vulnerability
CVE-2026-8757
Adenhq Hive versions up to 0.11.0 contain a vulnerability that allows attackers to access unauthorized files on the server. This could potentially lead to sensitive data being compromised. Update to t...
5.5
WordPress AI Engine Plugin allows unauthorized admin access
CVE-2026-8719
The WordPress AI Engine plugin has a security flaw that lets attackers with lower-level accounts gain full administrator access. This is a concern because it allows unauthorized users to make changes ...
8.8
VX Search 10.6.18: Malicious Input Can Crash the Application
CVE-2018-25328
A vulnerability in VX Search 10.6.18 allows attackers to crash the application by sending a specially crafted input file. This could potentially allow an attacker to execute malicious code, but only i...
8.6
Allok AVI Converter 2.6.1217: Local Code Execution through Text File
CVE-2018-25323
A security flaw in Allok AVI Converter 2.6.1217 allows an attacker with access to the computer to run malicious code by pasting a specially crafted text file into the software. This can lead to unauth...
8.6
Allok Fast AVI MPEG Splitter 1.2 can run malicious code when given a special license name
CVE-2018-25322
A security issue in Allok Fast AVI MPEG Splitter 1.2 allows an attacker to run unauthorized code on a local computer. This could potentially be used to access or modify sensitive data. Update to the l...
8.6
Net::Statsd::Tiny for Perl allows malicious metric injection
CVE-2026-46720
If you're using an old version of Net::Statsd::Tiny for Perl, an attacker could inject malicious data into your metrics. This could lead to incorrect or misleading data. Update to version 0.3.8 or lat...
8.2
Zechat 1.5 allows unauthenticated database information extraction
CVE-2018-25339
Zechat 1.5 has a security weakness that lets attackers get sensitive database information without needing a password. This could happen if someone enters a specific type of input into the chat softwar...
8.8
Zechat 1.5 Hashtag Parameter SQL Injection Risk
CVE-2018-25338
Zechat 1.5 is affected. Attackers can extract database information without logging in. Update to a secure version of Zechat to fix this issue.
8.8
Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 allows unauthorized database access
CVE-2018-25333
An attacker can access sensitive information and bypass security checks without a password by submitting malicious data through the login form. This affects the Nordex N149/4.0-4.5 Wind Turbine Web Se...
8.8
EkRishta Joomla Extension Allows Malicious Code Injection
CVE-2018-25330
The EkRishta extension for Joomla has security flaws that allow hackers to inject malicious code into user profiles and manipulate database queries. This can lead to unauthorized access to sensitive i...
8.8
rootio-linux: Unpatched Systems at Risk of Root Access
ROOT-OS-DEBIAN-12-CVE-2026-46300
The rootio-linux package for Root:Debian:12 was left unpatched, leaving systems open to unauthorized access. This could allow an attacker to gain control of your system, potentially leading to data th...
7.8
rootio-linux: Unauthorized access to sensitive system data
ROOT-OS-DEBIAN-11-CVE-2026-46333
A security patch has been released for rootio-linux, a software package used by Root. This patch fixes a vulnerability that could allow unauthorized access to sensitive system data. Root users should ...
7.8
qs.stringify with 'comma' and 'encodeValuesOnly' throws error on null or undefined
DEBIAN-CVE-2026-8723
When using 'qs.stringify' with 'arrayFormat: 'comma'' and 'encodeValuesOnly: true', it may throw an error if the array contains null or undefined values. This can happen when trying to serialize data ...
7.8
Vercel AI up to 3.0.97: Remote OS Command Injection Risk
CVE-2026-8767
A vulnerability in Vercel AI's automation feature allows attackers to execute malicious system commands remotely. This could potentially lead to unauthorized access or data modification. Vercel users ...
1.3
WordPress Plugin WP with Spritz 1.0 allows unauthorized access to files
CVE-2018-25329
A security flaw in the WordPress Plugin WP with Spritz 1.0 allows anyone to access sensitive files on your website without needing a password. This could potentially expose important information like ...
8.7
Google Drive for WordPress allows unauthorized access to sensitive files
CVE-2018-25326
An attacker can access sensitive files, such as configuration files, without authentication by exploiting a weakness in the way Google Drive for WordPress handles file requests. This could potentially...
8.7
Woocommerce CSV Importer Deletes Sensitive Files
CVE-2018-25325
A security issue in Woocommerce CSV Importer allows any registered user to delete files on your website. This can happen if an attacker tricks a registered user into submitting a special filename. To ...
8.7