219717 matches found

CNNVD
added 2026/05/08 12:0 a.m., 8 views

UltraDAG access control error vulnerability

UltraDAG is a lightweight IoT blockchain developed by the UltraDAGcom team. Prior versions of UltraDAG had an access control vulnerability caused by a logical flaw in the policy execution pipeline implemented in SmartTransferTx. This flaw allowed the system to check expenditure policies without...

CVSS 8.8, AI score 5.9, EPSS 0.00375
Exploits: 0, References: 1
CNNVD
added 2026/05/08 12:0 a.m., 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ov5647 driver not initializing sub-devices before initialization control. This could lead to...

CVSS 5.5, AI score 5.8, EPSS 0.00123
Exploits: 0, References: 1
CNNVD
added 2026/05/08 12:0 a.m., 10 views

ELADMIN security vulnerability

ELADMIN is a backend management system developed by elunez. ELADMIN versions 2.7 and earlier had security vulnerabilities. These vulnerabilities stemmed from improper access control caused by the checkLevel operation in the Users API Endpoint component’s /file/rest/UserController.ja...

CVSS 6.5, AI score 6.6, EPSS 0.00201
Exploits: 0, References: 1
Positive Technologies
added 2026/05/08 12:0 a.m., 13 views

PT-2026-39049

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the damos walk function where ctx-walk control is set to a caller-provided control structure before verifying if the context is running. If the context is inactive, the...

AI score 5.8, EPSS 0.00124
Exploits: 0, References: 7
Positive Technologies
added 2026/05/08 12:0 a.m., 10 views

PT-2026-38974

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zero vruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zero vruntime tracking". The combination of yield and...

AI score 5.8, EPSS 0.00122
Exploits: 0, References: 5
CVE
added 2026/05/08 12:0 a.m., 51 views

CVE-2025-67888

Control Web Panel (CWP) before 0.9.8.1209 is affected by an unauthenticated OS command injection flaw. User input passed in the GET parameter “key” to /admin/index.php (when the “api” parameter is set) is not properly sanitized, allowing an attacker to inject and execute arbitrary commands with r...

CVSS 7.3, AI score 6.1, EPSS 0.01186
Exploits: 3, References: 3
CNNVD
added 2026/05/08 12:0 a.m., 15 views

Dapr path traversal vulnerability

Dapr is a portable, serverless, event-driven runtime developed by Dapr Open Source. Versions of Dapr from 1.3.0 to 1.15.14, as well as versions from 1.16.0-rc.1 to 1.16.14 and from 1.17.0-rc.1 to 1.17.5, have a path traversal vulnerability. This vulnerability stems from the use of reserved URL...

CVSS 8.1, AI score 5.8, EPSS 0.00325
Exploits: 0, References: 1
Positive Technologies
added 2026/05/08 12:0 a.m., 12 views

PT-2026-39238

Name of the Vulnerable Software and Affected Versions: kanban versions 0.1.0 through 0.1.59; cline versions prior to 2.13.1. Description: The kanban npm package, used by the cline CLI, implements a WebSocket server on 127.0.0.1:3484 that lacks Origin header validation. Because WebSocket connections...

CVSS 9.6, AI score 6.4, EPSS 0.0018
Exploits: 1, References: 12
Positive Technologies
added 2026/05/08 12:0 a.m., 11 views

PT-2026-39061

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the drm/amdgpu component where the amdgpu userq signal ioctl function lacks proper upper bound checks on user inputs. Providing excessively large input values can lead t...

CVSS 5.5, AI score 5.4, EPSS 0.00126
Exploits: 0, References: 14
Positive Technologies
added 2026/05/08 12:0 a.m., 13 views

PT-2026-39280

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.0. Description: Four Ollama proxy endpoints accept any model name from the user and forward the request to the Ollama backend without verifying if the user is authorized to access that model. While these endpoint...

CVSS 5.4, AI score 5.8, EPSS 0.00238
Exploits: 1, References: 4
Positive Technologies
added 2026/05/08 12:0 a.m., 12 views

PT-2026-39099

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A refcount underflow occurs in the scx cgroup init function due to a redundant call to css put in the error path. The iterator css for each descendant pre traverses the cgroup hierarchy...

CVSS 7.8, AI score 5.8, EPSS 0.00125
Exploits: 0, References: 15
CNNVD
added 2026/05/08 12:0 a.m., 15 views

Control Web Panel OS command injection vulnerability

Control Web Panel is a Linux virtual host control panel. Versions of Control Web Panel prior to 0.9.8.1209 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the key parameter in /admin/index.php, allowing unauthenticated...

CVSS 7.3, AI score 6.1, EPSS 0.01186
Exploits: 3, References: 1
CNNVD
added 2026/05/08 12:0 a.m., 12 views

ASUS System Control Interface buffer error vulnerability

ASUS System Control Interface is a computer system control interface developed by ASUS, a Chinese company. There is a buffer overflow vulnerability in the ASUS System Control Interface. This vulnerability arises from reading sizes that exceed the size of the buffer within the IOCTL handler, which...

CVSS 6.8, AI score 6.1, EPSS 0.00137
Exploits: 0, References: 1
Positive Technologies
added 2026/05/08 12:0 a.m., 12 views

PT-2026-39083

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer dereference occurs in the legacy NCM driver within the gncm bind function. This issue arises because the driver attempts to access the net device before it is fully...

AI score 5.8, EPSS 0.00121
Exploits: 0, References: 6
Positive Technologies
added 2026/05/08 12:0 a.m., 13 views

PT-2026-38640

Name of the Vulnerable Software and Affected Versions: ASUS System Control Interface (affected versions not specified). Description: An Out-of-bounds Read in the IOCTL handler allows a local user to cause a system crash (BSOD). This occurs when a read size is requested that exceeds the allocated buffer...

CVSS 6.8, AI score 5.9, EPSS 0.00137
Exploits: 0, References: 8
Packet Storm News
added 2026/05/08 12:0 a.m., 8 views

An Automated Framework for Cybersecurity Policy Compliance Assessment against Security Control Standards

Organizational cybersecurity policies are often examined to determine whether they adequately comply with standard security controls. This task is difficult because control statements are abstract, whereas policy documents describe governance practices in varied natural language. As a result,...

AI score 5.8
Exploits: 0
ATTACKERKB
added 2026/05/08 12:0 a.m., 9 views

CVE-2025-67888

An issue was discovered in Control Web Panel CWP before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...

CVSS 7.3, AI score 6.1, EPSS 0.01186
Exploits: 3, References: 4
Positive Technologies
added 2026/05/08 12:0 a.m., 13 views

PT-2026-39272

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.0. Description: Open WebUI allows model composition through the base model id variable, where a user-defined model can reference a base model for inference. An access control flaw exists because the system verifi...

CVSS 7.6, AI score 5.9, EPSS 0.00248
Exploits: 1, References: 5
Cvelist
added 2026/05/08 12:0 a.m., 36 views

CVE-2025-67888

An issue was discovered in Control Web Panel CWP before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...

EPSS 0.01186
Exploits: 3, References: 2
Positive Technologies
added 2026/05/08 12:0 a.m., 13 views

PT-2026-38915

Name of the Vulnerable Software and Affected Versions: CloudStack Backup plugin versions 4.21.0.0 through 4.22.0.0. Description: The CloudStack Backup plugin contains improper access logic. Authenticated users in environments where this plugin is enabled can access specific APIs to restore a volume...

CVSS 8.1, AI score 5.8, EPSS 0.00512
Exploits: 0, References: 7