Skip to main content
CVE-2024-8010 LOW PATCH Monitor

The component accepts XML input through the publisher without disabling external entity resolution. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Wso2 Api Manager
NVD VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-3155 LOW Monitor

The OneSignal - Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete OneSignal metadata for arbitrary posts.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-41080 LOW PATCH Monitor

libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

Information Disclosure Libexpat
NVD GitHub VulDB
CVSS 3.1
2.9
EPSS
0.0%
CVE-2026-27820 LOW PATCH GHSA Monitor

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.

Buffer Overflow Zlib
NVD GitHub VulDB
CVSS 4.0
1.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy