CVE-2026-44843 LangChain: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlists

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with...

CVE-2026-24711

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control...

CVE-2026-24712

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection...

CVE-2026-24712

CVE-2026-24712 affects Northern.tech CFEngine Enterprise and Community prior to 3.21.8, 3.24.3, and 3.27.0, where a component/flow allows Command injection. The connected documents confirm the vulnerability is present in those versions; no explicit root-cause details or remediation steps are prov...

CVE-2026-5266

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php. This issue affects Echo: from before 1.43.7, 1.44.4, 1.45.2...

Astra Linux - уязвимость в imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

CVE-2026-34718

CVE-2026-34718 affects Zammad, a web-based open source helpdesk system. The vulnerability stems from improper sanitization in the HTML sanitizer for ticket articles, which failed to neutralize certain data URI schemes, allowing malicious content to be stored in the database. The issue is mitigate...

CVE-2026-34781

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decod...

EUVD-2026-13355

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the actionexportCustom function in modules/ModuleBuilder/controller.php fails to properly neutralize path traversal sequences in the $modules and $name...

CVE-2026-27591 Winter: Privilege escalation by authenticated backend users

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

CVE-2026-25136 Rucio WebUI has a Reflected Cross-site Scripting Vulnerability

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...

CVE-2025-61646

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

CVE-2025-6591

CVE-2025-6591 affects Wikimedia Foundation MediaWiki, specifically the ApiFeedContributions.Php program file. The vulnerability enables HTML injection in the API output (action=feedcontributions) and affects MediaWiki releases listed as vulnerable before 1.39.13, 1.42.7, 1.43.2, and 1.44.0. Red H...

CVE-2025-6595

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MultimediaViewer.This issue affects MultimediaViewer: from before 1.39.13, 1.42.7, 1.43.2, 1.44.0...

WordPress plugin Relevanssi和WordPress plugin Relevanssi Premium 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-62192

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If exploited, information stored in the database may be obtained or altered by an authenticated user...

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...

PT-2025-41899

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 144 Firefox ESR versions prior to 115.29 Firefox ESR versions prior to 140.4 Thunderbird versions prior to 144 Thunderbird versions prior to 140.4 Description A flaw existed that allowed modification of JavaScript...

CVE-2025-34224

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments expose a set of PHP scripts under the consolerelease directory without requiring authentication. An unauthenticated remote attacker can invoke these...

RTI Connext Professional 安全漏洞

RTI Connext Professional is a connectivity platform from RTI USA designed to meet the demanding requirements of the Industrial Internet of Things IIoT. A security vulnerability exists in RTI Connext Professional versions prior to 7.6.0, prior to 7.3.0.10, prior to 6.1.2.27, prior to 6.0, prior to...