
1496 matches found

CNNVD
added 2026/03/20 12:0 a.m. | 5 views

Mesop security vulnerability

Mesop is a fast-building Python web application UI framework developed by Mesop OpenSource. Versions of Mesop 1.2.2 and earlier contained security vulnerabilities. These vulnerabilities were caused by a path traversal issue with the statetoken parameter, which could lead to denial-of-service...

CVSS 10 | AI score 5.9 | EPSS 0.00034
Exploits: 1 | References: 3
Packet Storm News
added 2026/03/13 12:0 a.m. | 2 views

Windows File Explorer NTLM Forced Authentication Hash Disclosure 1.0

Windows File Explorer contains persistent forced authentication behavior that automatically transmits NTLM challenge-response hashes to remote SMB/WebDAV endpoints during routine file operations, enabling credential theft and potential domain compromise through NTLM relay attacks. This is not an...

AI score 5.8
Exploits: 0
EUVD
added 2026/03/11 6:31 a.m. | 1 views

EUVD-2026-11078

MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally...

CVSS 9.3 | AI score 5.9 | EPSS 0.0018
Exploits: 0 | References: 3
CNNVD
added 2026/03/11 12:0 a.m. | 4 views

StudioCMS security vulnerability

StudioCMS is an open-source content management system from StudioCMS. A security vulnerability exists in StudioCMS that can be exploited by an attacker to cause an authenticated user to perform arbitrary file operations on S3 storage buckets...

CVSS 7.6 | AI score 5.9 | EPSS 0.00053
Exploits: 1 | References: 1
CNNVD
added 2026/03/11 12:0 a.m. | 3 views

dhtmlx FileExplorer security vulnerability

dhtmlx FileExplorer is a JavaScript file system developed by the dhtmlx company. There is a security vulnerability in dhtmlx FileExplorer, which stems from an authentication bypass in the embedded SwiFTP FTP server component. This vulnerability allows network attackers to log in and perform file...

CVSS 9.8 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 2
Tenable Nessus
added 2026/03/10 12:0 a.m. | 2 views

EulerOS 2.0 SP13 : python-virtualenv (EulerOS-SA-2026-1260)

According to the versions of the python-virtualenv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: virtualenv is a tool for creating isolated virtual Python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use)...

CVSS 4.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/07 7:59 a.m. | 1 views

CVE-2026-28676

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...

CVSS 8.8 | AI score 5.7 | EPSS 0.00093
Exploits: 0 | References: 1
NVD
added 2026/03/06 5:16 a.m. | 1 views

CVE-2026-28676

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...

CVSS 8.8 | EPSS 0.00093
Exploits: 0 | References: 5
OSV
added 2026/03/06 4:23 a.m. | 0 views

CVE-2026-28676 OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...

CVSS 8.8 | AI score 5.7 | EPSS 0.00093
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/06 12:0 a.m. | 1 views

PT-2026-23643

Name of the Vulnerable Software and Affected Versions: OpenSift versions prior to 1.6.3-alpha. Description: OpenSift is an AI study tool that uses semantic search and generative AI to process large datasets. Versions of OpenSift prior to 1.6.3-alpha had path-injection risks in file read, write, and...

CVSS 8.8 | AI score 5.8 | EPSS 0.00093
Exploits: 0 | References: 10
Packet Storm
added 2026/03/03 12:0 a.m. | 93 views

GVfs 1.58.1 FTP Backend CRLF Injection

A vulnerability was identified in the FTP backend of GVfs due to improper input validation. A remote attacker can exploit this flaw by supplying specially crafted file paths containing Carriage Return and Line Feed (CRLF) sequences. Because these CRLF sequences are not properly sanitized, they allo...

CVSS 4.3 | AI score 6.3 | EPSS 0.00094
Exploits: 2
OSV
added 2026/02/26 10:33 p.m. | 5 views

GHSA-62CR-6WP5-Q43H Copyparty vulnerable to reflected XSS via setck parameter

Summary: An XSS allows for reflected cross-site scripting via URL-parameter ?setck=... Details: A reflected cross-site scripting (XSS) vulnerability could allow an attacker to execute malicious javascript by tricking users into accessing a malicious link. The worst-case outcome of this is being able ...

CVSS 5.4 | AI score 5.4 | EPSS 0.00041
Exploits: 0 | References: 5
CNNVD
added 2026/02/25 12:0 a.m. | 4 views

n8n code injection vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.2.0 and 1.123.8 contained a code injection vulnerability. This vulnerability stemmed from the ability of authorized authenticated users to chain-utilize the Read/Write Files from Disk node with g...

CVSS 9 | AI score 6.1 | EPSS 0.00594
Exploits: 0 | References: 5
CNNVD
added 2026/02/20 12:0 a.m. | 3 views

Owl Cyber Defense OPDS security vulnerability

Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation in the United States. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a security vulnerability, which stems from improper allocation of permissions for critical resources, potentially leading to fil...

CVSS 6.8 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 1
CNNVD
added 2026/02/20 12:0 a.m. | 3 views

Owl Cyber Defense OPDS security vulnerability

Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a security vulnerability. This vulnerability stems from improper allocation of permissions for critical resources, which may allow file operations to...

CVSS 8.5 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 1
CNNVD
added 2026/02/20 12:0 a.m. | 5 views

Owl Cyber Defense OPDS security vulnerability

Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation in the United States. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a security vulnerability, which stems from improper allocation of permissions for critical resources, potentially leading to fil...

CVSS 8.5 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 1
CNNVD
added 2026/02/20 12:0 a.m. | 3 views

Owl Cyber Defense OPDS security vulnerability

Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation in the United States. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a security vulnerability, which stems from improper allocation of permissions for critical resources, potentially leading to fil...

CVSS 8.5 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 1
OSV
added 2026/02/14 5:4 p.m. | 2 views

SUSE-SU-2026:0525-1 Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.275 fixes one security issue. The following security issue was fixed: - CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (bsc#1253439). The following non security issue was fixed: - bsc#1250280: don't expose...

AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 4
OSV
added 2026/02/14 5:3 p.m. | 2 views

SUSE-SU-2026:0524-1 Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.272 fixes various security issues. The following security issues were fixed: - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250314). - CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (bsc#1253439). The...

CVSS 7.1 | AI score 6.5 | EPSS 0.00058
Exploits: 0 | References: 6
OSV
added 2026/02/13 11:4 p.m. | 1 views

SUSE-SU-2026:0515-1 Security update for the Linux Kernel (Live Patch 65 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.247 fixes various security issues. The following security issues were fixed: - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250314). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and...

CVSS 7.4 | AI score 6.6 | EPSS 0.00135
Exploits: 8 | References: 8