CVE-2026-8142

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...

CVE-2026-43203

In the Linux kernel, the following vulnerability has been resolved: atm: fore200e: fix use-after-free in tasklets during device removal When the PCA-200E or SBA-200E adapter is being detached, the fore200e is deallocated. However, the txtasklet or rxtasklet may still be running or pending, leadin...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the wave5 driver’s automatic suspension mode that enters a suspended state due to an excessive...

CVE-2026-39383

Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal or external destinations by supplying a crafted URL in the Gotenberg-Webhook-Url request header. Th...

PT-2026-37310

Name of the Vulnerable Software and Affected Versions YetAnotherForum.NET YAF.NET versions prior to 4.0.5 YetAnotherForum.NET YAF.NET versions prior to 3.2.12 Description The thread posting and reply feature allows user-supplied content to be stored server-side and rendered on the thread page...

Fedora 45 : opencryptoki (2026-d63e3968e8)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d63e3968e8 advisory. Automatic update for opencryptoki-3.26.0-3.fc45. Changelog Tue May 5 2026 Than Ngo - 3.26.0-3 - Fix rhbz2432016: CVE-2026-23893, Privilege Escalation or Data...

aap-controller: aap-gateway: Account hijacking and unauthorized access via unverified email linking

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

WordPress Automatic YouTube Gallery plugin <= 2.5.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Automatic YouTube Gallery versions = 2.5.5...

Fedora 42 : pyp2spec (2026-91671b8061)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-91671b8061 advisory. Automatic update for pyp2spec-0.14.1-1.fc42. Changelog for pyp2spec Tue Apr 21 2026 Packit - 0.14.1-1 - Update to 0.14.1 upstream release - Resolves:...

CVE-2025-36122 IBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources...

CVE-2025-36122

CVE-2025-36122 affects IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.3 for Linux, UNIX and Windows (including DB2 Connect Server). An authenticated user can cause a denial of service via a specially crafted SQL query due to improper allocation of system resources when stmtheap is set to AUTOMATIC. CVSS v...

Download of Code Without Integrity Check

Overview Affected versions of this package are vulnerable to Download of Code Without Integrity Check via the verifyDownload function that does not perform integrity or authenticity verification of downloaded update. An attacker can execute arbitrary code by supplying a malicious executable that ...

CVE-2026-42249

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These...

CVE-2026-42248

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

CVE-2026-42249

CVE-2026-42249 affects Ollama for Windows and is a remote code execution in the update mechanism caused by improper handling of attacker-controlled HTTP response headers. Update file paths are built from header-derived values and passed to filepath.Join, enabling path traversal (../) and writing ...

EUVD-2026-26211

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These...

CVE-2026-42248

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

CVE-2026-42248 Missing Signature Verification for Updates in Ollama

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

CVE-2026-42248 Missing Signature Verification for Updates in Ollama

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

PT-2026-35912

Name of the Vulnerable Software and Affected Versions Ollama for Windows versions 0.12.10 through 0.17.5 Description The update mechanism in Ollama for Windows allows Remote Code Execution due to improper handling of attacker-controlled HTTP response headers. The application constructs local file...