EUVD-2026-22193

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability where the frontend's MdRenderer.vue component parses custom tags from LLM responses or Application Prologue configurations, bypassing standard Markdown sanitizatio...

CVE-2026-39423 Stored XSS via Eval Injection in EchartsRander Component

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including...

EUVD-2026-22180

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LDPRELOAD-based...

PT-2026-32717

CVE-2026-20806 Access of resource using incompatible type 'type confusion' in Windows COM allows an authorized attacker to disclose information locally. https://t.co/pPGYfQ4IPk...

PT-2026-32831

🪟 COM EoP CVE-2026-32162 again? When Microsoft’s “trust boundaries” are just vibes, every COM hop is a potential jailbreak. Triage fast: local users turning into admins is the usual horror sequel. https://t.co/nNowXseXJj ElevationOfPrivilege MicrosoftMsrc WindowsCom https://t.co/7B8CqiBKho...

PT-2026-32771

CVE-2026-27909 Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. https://t.co/EEmqZf1GgX...

PT-2026-32864

Name of the Vulnerable Software and Affected Versions Microsoft Graphics Component affected versions not specified Description A heap-based buffer overflow in the Microsoft Graphics Component allows an unauthorized attacker to execute arbitrary code locally and remotely, which can affect the...

Microsoft Windows 资源管理错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. The Microsoft Windows Search Component has a resource management vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected...

Microsoft Windows COM 安全漏洞

Microsoft Windows COM is a technology developed by Microsoft Corporation in the United States, aimed at reusing software. COM is described as a platform-independent, distributed, object-oriented system used for creating interactive binary software components. There are security vulnerabilities in...

Microsoft Graphics Component 安全漏洞

The Microsoft Graphics Component is a graphics driver component developed by Microsoft Corporation. There are security vulnerabilities present in the Microsoft Graphics Component. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Window...

Autodesk Fusion 跨站脚本漏洞

Autodesk Fusion is a data management software platform developed by Autodesk, Inc. in the United States. Autodesk Fusion has a cross-site scripting vulnerability, which stems from malicious HTML payloads in component names. This vulnerability may lead to stored-xss attacks, allowing attackers to...

PT-2026-32607

Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to 4.0 SP3 with UMC Description An authentication weakness exists in the UMC component due to insufficient validation of user identity. This flaw allows an unauthenticated remote attacker to bypass authentication and...

Siemens SINEC NMS

SUMMARY Siemens SINEC NMS when used with User Management Component UMC contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application...

SUSE CVE-2026-34943

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits...

EUVD-2026-22037

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

CVE-2026-34480

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

EUVD-2026-21974

An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via supplying a crafted input file...

firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics component...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...