20 matches found
CVE-2026-42286
Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...
CVE-2025-33244
Summary: CVE-2025-33244 is addressed in NVIDIA Apex for Linux. The issue involves deserialization of untrusted data in NVIDIA APEX (affecting environments using PyTorch
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: mingw-expat (UTSA-2026-004808)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004808 advisory. An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals...
CVE-2025-58183 affecting package gh for versions less than 2.62.0-10
CVE-2025-58183 affecting package gh for versions less than 2.62.0-10. A patched version of the package is available...
CVE-2025-67539
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Select Core select-core allows DOM-Based XSS. This issue affects Select Core: from n/a through 2.6...
CVE-2025-26694
Null pointer dereference for some Intel(R) QAT Windows software before version 2.6.0 within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially...
CVE-2025-0689 affecting package grub2 for versions less than 2.06-15
CVE-2025-0689 affecting package grub2 for versions less than 2.06-15. A patched version of the package is available...
CVE-2010-10013
An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By...
AZL-60880 CVE-2025-32434 affecting package pytorch for versions less than 2.0.0-8
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with...
PYSEC-2024-145
FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service...
PYSEC-2024-138
FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service...
wallabag Cross-Site Request Forgery Vulnerability
wallabag is a web application that allows you to save web pages for later reading. A cross-site request forgery vulnerability exists in wallabag versions prior to 2.6.3, which stems from a vulnerability that allows an attacker to arbitrarily delete client API keys...
PT-2023-4777 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.6.3. Description: The issue allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This is considered a low-risk issue as it...
Rancher Labs Rancher Cross-Site Scripting Vulnerability
Rancher Labs Rancher is a suite of open source, enterprise-grade container management platforms from Rancher Labs, Inc. in the United States. Rancher Labs Rancher versions prior to 2.6.0 through 2.6.13 and 2.7.0 through 2.7.4. A cross-site scripting vulnerability exists that stems from the presen...
SUSE CVE-2011-1013
Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and...
CVE-2022-30230
A vulnerability has been identified in SICAM GridEdge Classic All versions V2.6.6. The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions...
CVE-2022-30229
A vulnerability has been identified in SICAM GridEdge Classic All versions V2.6.6. The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known...
CVE-2016-10882
The google-document-embedder plugin before 2.6.2 for WordPress has CSRF...
ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...
Vanilla Cross-Site Scripting Vulnerability
Vanilla is an open source multi-language, fully extensible forum program. A cross-site scripting vulnerability exists in Vanilla versions prior to 2.6.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the email field in the basic information...