14 matches found
PT-2026-45722
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...
CVE-2026-33797
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session, to reset only that session, causing a Denial of Service (DoS). An attacker repeatedly...
CVE-2026-3873
CVE-2026-3873 affects Avantra’s legacy built-in user account. The vulnerability arises from use of hard-coded credentials in Avantra systems and allows accessing functionality not properly constrained by ACLs in versions before 25.3.0. According to the provided metrics, the issue has CVSS 3.1 bas...
CVE-2026-30885
WWBN AVideo prior to version 25.0 exposes an unauthenticated IDOR in the /objects/playlistsFromUser.json.php endpoint, allowing an attacker to enumerate user IDs and retrieve all playlists for any user, including playlist names, video IDs, and status. Root cause is lack of authentication/authoriz...
CVE-2025-67077
File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action...
CVE-2025-68269
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH...
TeamViewer DEX Client security vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A security vulnerability exists in versions prior to TeamViewer DEX Client V25 that stems from improper input validation and could lead to remote execution of arbitrary commands...
CVE-2025-60455
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...
PT-2025-47378
Name of the Vulnerable Software and Affected Versions: Modular Max Serve versions prior to 25.6. Description: An unsafe deserialization issue exists in Modular Max Serve when the "--experimental-enable-kvcache-agent" feature is utilized. This allows attackers to potentially execute arbitrary code. T...
BIT-MONGODB-2025-10060 MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation
MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0...
7-Zip security vulnerability
7-Zip is open-source compression software from the 7-Zip project. A security vulnerability exists in versions prior to 7-Zip 25.0.0 that originates from writing a zero value outside the heap buffer in the RAR5 handler, which could result in memory corruption and a denial of service...
Forcepoint FIE Endpoint security vulnerability
Forcepoint FIE Endpoint is a unified endpoint security platform from Forcepoint USA that integrates various Forcepoint agents into a single interface to simplify deployment and management. A security vulnerability exists in Forcepoint FIE Endpoint versions prior to 25.05 that stems from an...
Bitcoin Core security vulnerability
Bitcoin Core is an open-source Bitcoin client for verifying the validity of blockchain transactions. A security vulnerability exists in Bitcoin Core versions prior to 25.0. An attacker exploiting the vulnerability could affect the download status of other peers by sending variant blocks...
Mozilla: Use-after-free when updating offline cache (MFSA 2013-98)
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary...