0.0
CVE-2026-27201 -
Further research determined the situation described is not a vulnerability.
0.0
CVE-2026-27200 -
Further research determined the situation described is not a vulnerability.
7.8
CVE-2026-0875 - MODEL File Parsing Out-of-Bounds Write
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
7.8
CVE-2026-0874 - CATPART File Parsing Out-of-Bounds Write
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
5.3
CVE-2026-2663 - Alixhan xh-admin-backend Database Query query sql injection
A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It is…
4.8
CVE-2026-2662 - FascinatedBox lily lily_emitter.c count_transforms out-of-bounds
A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could …
4.8
CVE-2026-2661 - Squirrel sqobject.h operator heap-based overflow
A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be us…
5.4
CVE-2026-25500 - Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the `javascript:` scheme (e.g. `javascript:alert(1…
7.5
CVE-2026-22860 - Rack has a Directory Traversal via Rack:Directory
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`'s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing direct…
5.4
CVE-2025-69287 - BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability
The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature incompatibil…