[SECURITY] Fedora 43 Update: coturn-4.11.0-1.fc43

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

GHSA-CVWM-VWHP-22JX org.linlinjava:litemall-wx-api has an Injection issue

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in SQL injection. Remote...

EUVD-2026-30709

A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It...

CVE-2026-8771

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

PT-2026-41675

Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.14.2 Description Insufficient URL path sanitization allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API. By using unencoded dot sequences in task identifiers or...

PT-2026-41653

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if team id was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

EUVD-2026-30770

An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components...

PT-2026-41725

Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description An insecure file permission issue exists in the refresh-free configuration rewrite path. When the software rewrites the configuration file, it creates the replacement using default process umask...

PT-2026-41642

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the create post channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update an...

PT-2026-41718

Name of the Vulnerable Software and Affected Versions DumbAssets versions 1.0 through 1.0.11 Description A stored cross-site scripting issue exists in asset fields, specifically name, description, modelNumber, serialNumber, and tags. These fields are stored without server-side sanitization and...

CVE-2026-39079

An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components...

Learning to Look Benign: Targeted Evasion of Malware Detectors Via API Import Injection

Machine learning-based malware detectors are widely deployed in antivirus and endpoint detection systems, yet their reliance on static features makes them vulnerable to adversarial manipulation. This paper investigates whether a malware sample can be intentionally misclassified as a specific beni...

chroma 代码注入漏洞

Chroma is an open-source AI data infrastructure tool developed by Chroma. Versions of Chroma 1.0.0 and later have a code injection vulnerability. This vulnerability stems from a pre-authentication code injection issue, allowing unauthenticated attackers to execute arbitrary code on the server by...

litemall 注入漏洞

Litemall is a small shopping system developed by Linlinjava’s developers. Versions of Litemall 1.8.0 and earlier had a injection vulnerability. This vulnerability originated from a function in the Front-end WeChat API, specifically the list function in the...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

PT-2026-41793

Name of the Vulnerable Software and Affected Versions Sulu versions prior to 2.6.23 Sulu versions prior to 3.0.6 Description Sulu is an open-source PHP content management system based on the Symfony framework. The generation of API keys and password reset tokens utilizes a weak cryptographical ha...

MantisBT 2.23.0 < 2.28.2 Private Bugnote Attachment Content Leak (GHSA-pw5x-2mf9-3xc8)

The version of MantisBT installed on the remote host is 2.23.0 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT has a Private Bugnote Attachment Content Leak via REST API. CVE-2026-42071 Note that Nessus has not tested for this issue but has instead relied...

CVE-2026-8771 linlinjava litemall Front-end WeChat API WxGoodsController.java list sql injection

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

CVE-2026-8771 linlinjava litemall Front-end WeChat API WxGoodsController.java list sql injection

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

CVE-2026-8771

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...