EUVD-2026-38789

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

SickChill - Open Redirect

SickChill's login endpoint's 'next' parameter accepts arbitrary content, allowing authenticated attackers to perform open redirects, but this was fixed in commit c7128a8946c3701df95c285810eb75b2de18bf82 by redirecting to a default page. id: CVE-2024-53995 info: name: SickChill - Open Redirect...

October CMS - Remote Code Execution

October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safemode and cms.enableSafeMode in order to execute arbitrary cod...

EUVD-2026-38569

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT...

CVE-2026-56692

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...

CVE-2026-56446

MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a...

Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows

Secure your Windows fleet without sacrificing performance. Wiz pairs real-time threat detection with a memory-safe architecture that scales efficiently to protect your essential cloud infrastructure...

CVE-2026-12022

The following flaw was identified in the Chromium browser: Race Safe Browsing. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516929496...

Chromium: CVE-2026-12454 Race in Safe Browsing

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use safe list iterator to avoid a use after free This loop is freeing the variable “clk”, so it needs to use listforeachentrysafe. Otherwise, it will dereference a freed variable to obtain the next item in the loop...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fix for dma-fence safe access rules Commit 506aa8b02a8d6 “dma-fence: Add safe access helpers and document the rules” details the dma-fence safe access rules. The most common issue is that...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not use btrfssetitemkeysafe on RAID stripe-extents. Do not use btrfssetitemkeysafe to modify the keys in the RAID stripe-tree, as this can lead to corruption of the tree, which is caught by the checks in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - For partitions: fixed handling of bogus partition tables. Several issues in partition probing have been fixed: - The bailout mechanism for a bad partoffset must use putdevsector, since the previous readpartsector call...

CVE-2026-12454

A race flaw was found in the Safe Browsing component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516926968...

CVE-2026-12048 pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

CVE-2026-12048

CVE-2026-12048 affects pgAdmin 4 (versions 6.0 up to 9.16). Stored XSS occurs when untrusted server-returned text is passed through html-react-parser in multiple user-facing sinks (toasts, dialogs, explain visualiser, SQL editor prompts, etc.), allowing an attacker-controlled PostgreSQL server to...

SUSE CVE-2026-12454

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

PT-2026-50814

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.0 through 9.15 Description Stored cross-site scripting exists in the error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server, such as ErrorResponse messages, object names in...

EUVD-2026-37539

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-12454

Google Chrome on macOS is affected by CVE-2026-12454 due to a race in the Safe Browsing path of the Chromium rendering process. The issue could allow a remote attacker who has already compromised the renderer to escape the sandbox via a crafted HTML page. The vulnerability is tied to Chrome versi...