CVE-2026-25745

OpenEMR (versions up to 8.0.0) is affected by CVE-2026-25745. The issue arises in the message/note update endpoint (e.g., PUT/POST), which updates by message/note ID without verifying that the message belongs to the current patient or that the user is permitted to edit that patient’s notes. An au...

EUVD-2026-12908

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix ISCHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes During SPO tests, when mounting F2FS, an -EINVAL error was returned from f2fsrecoverinodepage. The issue occurred under th...

CVE-2026-23267 f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix ISCHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes During SPO tests, when mounting F2FS, an -EINVAL error was returned from f2fsrecoverinodepage. The issue occurred under th...

CVE-2026-23267

The CVE-2026-23267 issue is a Linux kernel f2fs race where an IS_CHECKPOINTED flag inconsistency during atomic commits could cause an -EINVAL in f2fs_recover_inode_page. The root cause is a race between f2fs_ioc_commit_atomic_write and f2fs_write_checkpoint, with the last_folio’s nat_entry flag n...

PT-2026-26168

PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses...

GHSA-2HCP-GJRF-7FHC Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

DefaultHtmlErrorResponseBodyProvider in io.micronaut:micronaut-http-server since 4.7.0 and until 4.10.7 used an unbounded ConcurrentHashMap cache with no eviction policy. If the application throws an exception whose message may be influenced by an attacker, for example, including request query...

EUVD-2025-208761

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder libavcodec/rv60dec.c. The quantization parameter qp validation at line 2267 only checks the lower bound qp 0 but is missing upper bound validation. The qp value can reach 65 base value 63 from 6-bit frame header + offset +2 from...

CVE-2025-69809

A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet...

EUVD-2026-12267

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

CVE-2026-4201

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to...

CVE-2026-4198

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

PT-2026-25795

🔴 CVE-2025-69808 - Critical An out-of-bounds memory access OOB in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service DoS via supplying a cr... https://t.co/BIkRuinRp1 https://t.co/jAAznHmSRJ...

PT-2026-25794

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder libavcodec/rv60dec.c. The quantization parameter qp validation at line 2267 only checks the lower bound qp 0 but is missing upper bound validation. The qp value can reach 65 base value 63 from 6-bit frame header + offset +2 from read q...

CVE-2026-4198

The CVE affects hypermodel-labs/mcp-server-auto-commit 1.0.0. The vulnerability is in the getGitChanges function of index.ts, enabling command injection via a local attack. An exploit has been publicly disclosed. A patch is available (hash: f7d992c830c5f2ec5749852e66c0195e3ed7fe30) and applying i...

CVE-2026-4198 hypermodel-labs mcp-server-auto-commit index.ts getGitChanges command injection

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

CVE-2026-4198

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

PT-2026-25573

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

OpenClaw: Sandbox `writeFile` commit could race outside the validated path

Summary In affected versions of openclaw, the sandbox fs-bridge writeFile commit step used an unanchored container path during the final move into place. An attacker racing parent-path changes inside the sandbox could redirect the committed file outside the validated sandbox path. Impact This is ...

EUVD-2026-11331

xygeni-action v5 tag poisoned with C2 backdoor...

GHSA-F8Q5-H5QH-33MH xygeni-action v5 tag poisoned with C2 backdoor

Description On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the...