
198 matches found

NVD
added last week, 7 views

CVE-2026-45159

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-e...

3.5 CVSS, 0.00016 EPSS
Exploits: 0, References: 3
NVD
added 2026/05/27 3:16 p.m., 9 views

CVE-2026-47118

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1 CVSS, 0.00053 EPSS
Exploits: 0, References: 3
Patchstack
added 2026/05/27 1:44 p.m., 7 views

WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gamic versions <= 1.15...

5.8 AI score
Exploits: 0, Affected Software: 1
CNNVD
added 2026/05/27 12:0 a.m., 5 views

Agent Zero cross-site scripting vulnerability

Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Versions of Agent Zero prior to 1.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of security headers when SVG files were provided through the imageget endpoint, which could le...

6.1 CVSS, 5.6 AI score, 0.00031 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/05/27 12:0 a.m., 9 views

PT-2026-44005

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1 CVSS, 5.9 AI score, 0.00053 EPSS
Exploits: 0, References: 4
AstraLinux
added 2026/05/20 5:53 a.m., 13 views

Astra Linux - vulnerability in golang-golang-x-net, golang-1.15

In Go before version 1.15.12, and in 1.16.x before version 1.16.4, net/http allowed remote attackers to cause a denial of service (panic) through a large header sent to ReadRequest or ReadResponse. This issue can affect the Server, Transport, and Client components in certain configurations...

5.9 CVSS, 6.9 AI score, 0.00022 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/05/15 3:27 p.m., 32 views

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

0.00067 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/03/10 12:0 a.m., 2 views

PX4 Drone Autopilot security vulnerability

PX4 Drone Autopilot is an open-source version of the PX4 drone autopilot system. There are security vulnerabilities in versions 1.12.x to 1.15.x of PX4 Drone Autopilot, which stem from a faulty logic protection mechanism for the power-recovery interval. These vulnerabilities could potentially lea...

8.1 CVSS, 5.8 AI score, 0.00051 EPSS
Exploits: 1, References: 2
ATTACKERKB
added 2026/03/10 12:0 a.m., 3 views

CVE-2026-26741

PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state after landing and before the automatic disarm triggered by the COMDISARMLAND parameter, the system lacks a thrott...

5.8 AI score, 0.00051 EPSS
Exploits: 1, References: 2
CVE
added 2026/03/10 12:0 a.m., 3 views

CVE-2026-26742

The CVE affects PX4 Autopilot versions 1.12.x–1.15.x, where the Re-arm Grace Period protection logic can incorrectly apply in-air re-arm behavior to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds after an automatic landing (default config), pre-flight safety che...

8.1 CVSS, 5.8 AI score, 0.00051 EPSS
Exploits: 1, References: 1, Affected Software: 1
Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-61731

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Building a malicious file with cmd/go can cause a write to an attacker-controlled file with partial control of the file content. The cgo pkg-config:...

7.8 CVSS, 7.2 AI score, 0.00012 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-68119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from...

7 CVSS, 8.4 AI score, 0.00018 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/16 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-61728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service...

6.5 CVSS, 6.9 AI score, 0.00043 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-61730

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensio...

5.3 CVSS, 7.7 AI score, 0.00009 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/12/19 7:33 a.m., 3 views

CVE-2025-58936

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Catamaran catamaran allows PHP Local File Inclusion. This issue affects Catamaran: from n/a through = 1.15...

8.1 CVSS, 7.1 AI score, 0.0011 EPSS
Exploits: 0, References: 1
NVD
added 2025/12/18 8:16 a.m., 2 views

CVE-2025-58936

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Catamaran catamaran allows PHP Local File Inclusion. This issue affects Catamaran: from n/a through = 1.15...

8.1 CVSS, 0.0011 EPSS
Exploits: 0, References: 1
OSV
added 2025/12/18 8:15 a.m., 1 views

CVE-2025-58888

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes The Flash theflash allows PHP Local File Inclusion. This issue affects The Flash: from n/a through <= 1.15...

8.2 CVSS, 5.8 AI score
Exploits: 0, References: 1
CVE
added 2025/12/18 7:21 a.m., 7 views

CVE-2025-58936

CVE-2025-58936 affects WordPress Catamaran theme versions

8.1 CVSS, 6.7 AI score, 0.0011 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/12/18 7:21 a.m., 2 views

CVE-2025-58935 WordPress Lunna theme <= 1.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Lunna lunna allows PHP Local File Inclusion. This issue affects Lunna: from n/a through <= 1.15...

8.1 CVSS, 6.7 AI score, 0.00126 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/12/18 7:21 a.m., 20 views

CVE-2025-58888 WordPress The Flash theme <= 1.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes The Flash theflash allows PHP Local File Inclusion. This issue affects The Flash: from n/a through <= 1.15...

8.1 CVSS, 0.00226 EPSS
Exploits: 0, References: 1